Understanding Permissions

Applies to: Exchange Server 2010

You can define your permissions model in Microsoft Exchange Server 2010 to match your business model. Your organization's infrastructure, processes, and controls enable your organization to function efficiently and cost-effectively. Exchange 2010 supports your way of doing business, without increasing complexity in your environment. This topic introduces the permissions models used in Exchange 2010.

Role Based Access Control

Exchange 2010 uses the Role Based Access Control (RBAC) permissions model on the Mailbox, Hub Transport, Unified Messaging, and Client Access server roles. With RBAC, you can control what resources administrators can configure and what features users can access. The RBAC model in Exchange 2010 is flexible and provides you with several ways to customize the default permissions. Using a combination of management role groups, management role assignment policies, and management scopes, you can grant permissions to administrators and end users to closely match your organization's business needs.

For more information about RBAC, see Understanding Role Based Access Control. To configure administrator and end-user permissions, see Managing Permissions.

Edge Transport Permissions Management

The Edge Transport server role is deployed in an organization's perimeter network, which is also known as the boundary network or screened subnet. The Edge Transport server can be deployed as a stand-alone server or as a member of a perimeter Active Directory domain.

On Edge Transport servers, RBAC isn't used to control permissions. The local Administrators group is used to control who can configure Exchange features on the local server. If you have multiple Edge Transport servers, you need to add the user you want to manage those servers to the local Administrators group on each server.

For more information about permissions on Edge Transport servers, see Setting Administrator Permissions for the Edge Transport Server Role.

For More Information

Understanding Permissions Coexistence with Exchange 2007

Understanding Permissions Coexistence with Exchange 2003

Understanding Multiple-Forest Permissions

Feature Permissions