Mailbox Permissions

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

The permissions required to perform tasks on the Mailbox server role vary depending on the procedure being performed or the cmdlet you want to run. For more information about mailbox features, see Mailbox. For a list of permissions related to high availability, see High Availability Permissions.

To find out what permissions you need to perform the procedure or run the cmdlet, do the following:

  1. In the table below, find the feature that is most related to the procedure you want to perform or the cmdlet you want to run.

  2. Next, look at the permissions required for the feature. You must be assigned one of those role groups, an equivalent custom role group, or an equivalent management role. You can also click on a role group to see its management roles. If a feature lists more than one role group, you only need to be assigned one of the role groups to use the feature. For more information about role groups and management roles, see Understanding Role Based Access Control.

  3. Now, run the Get-ManagementRoleAssignment cmdlet to look at the role groups or management roles assigned to you to see if you have the permissions that are necessary to manage the feature.

    Note

    You must be assigned the Role Management management role to run the Get-ManagementRoleAssignment cmdlet. If you don't have permissions to run the Get-ManagementRoleAssignment cmdlet, ask your Exchange administrator to retrieve the role groups or management roles assigned to you.

If you want to delegate the ability to manage a feature to another user, see Delegate Role Assignments.

Mailbox Server Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Calendar repair, server configuration

Organization Management

Server Management

Delegating Mailbox servers

Organization Management

E-mail address policies

Organization Management

Server Management

Exchange Search

Organization Management

View-Only Organization Management

Server Management

Get unsearchable items

Organization Management

View-Only Organization Management

Support Diagnostics role

Note

The Support Diagnostics role isn't assigned to a role group. For more information, see Add a Role to a User or USG.

Group metrics

Organization Management

Server Management

Import Export

Mailbox Import Export role

Note

The Mailbox Import Export role isn't assigned to a role group. For more information, see Add the Mailbox Import Export Role to a Role Group.

Mailbox Assistants

Organization Management

Server Management

Mailbox moves

Organization Management

Recipient Management

Mailbox recovery

Organization Management

Mailbox repair request

Organization Management

Server Management

Recipient Management

Mailbox restore request

Organization Management

Mailbox server configuration

Organization Management

Server Management

Manage Exchange Search Indexer service on a Mailbox server

Local Administrator on the Mailbox server

MAPI connectivity

Organization Management

Server Management

OAB virtual directories

Organization Management

Server Management

Remove store mailbox

Organization Management

Server Management

Calendar and Sharing Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Calendar configuration

Organization Management

Recipient Management

Calendar diagnostics

Organization Management

Retention Management Role

Help Desk

Calendar processing

Organization Management

Recipient Management

Help Desk

Notifications

Organization Management

Recipient Management

Organization relationships

Organization Management

Sharing policies

Organization Management

Resource Mailbox Configuration Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Booking policies

Organization Management

Recipient Management

Help Desk

Delegation

Organization Management

Recipient Management

Resource mailbox schema configuration

Organization Management

Address List Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Address book policies

Organization Management

Address list paging

Organization Management

Address lists

Organization Management

Details templates

Organization Management

File distribution service

Organization Management

Global address lists

Organization Management

Offline address books

Organization Management

Mailbox Database Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Mailbox databases

Organization Management

Server Management

Public Folder Permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Mail-enabled public folders

Organization Management

Recipient Management

Public Folder Management

Public folder administrative permissions

Organization Management

Public Folder Management

Public folder client permissions

Organization Management

Public Folder Management

Public folder database repair request

Organization Management

Recipient Management

Server Management

Public folder databases

Organization Management

Server Management

Public folder replication

Organization Management

Public Folder Management

Public folders

Organization Management

Public Folder Management

Recipient Provisioning Permissions

This table contains the various permissions that are required to manage recipients.

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.

Feature Permissions required

Address list, GAL

Organization Management

Anti-spam

Organization Management

Recipient Management

Applying sharing policies

Organization Management

Recipient Management

Arbitration

Organization Management

Archive connectivity

Organization Management

View-Only Organization Management

Server Management

Assigning offline address books

Organization Management

Recipient Management

Automatic replies

Organization Management

Recipient Management

Help Desk

Calendar configuration

Organization Management

Recipient Management

Calendar repair

Organization Management

Recipient Management

Disconnected mailboxes

Organization Management

Recipient Management

Help Desk

Distribution groups

Organization Management

Recipient Management

Dynamic distribution groups

Organization Management

Recipient Management

E-mail addresses

Organization Management

Recipient Management

UM Management

Folder Management

Organization Management

Recipient Management

Inbox rules

Organization Management

Recipient Management

Help Desk

Mail contacts

Organization Management

Recipient Management

Mail tips

Organization Management

Recipient Management

Mail user

Organization Management

Recipient Management

Mailbox folder permissions

Organization Management

Recipient Management

Help Desk

Mailbox folders

Organization Management

Recipient Management

Message configuration

Organization Management

Recipient Management

Help Desk

Message quotas

Organization Management

Recipient Management

Moderation

Organization Management

Recipient Management

Permissions and delegation

Organization Management

Personal archives

Organization Management

Recipient Management

Recipient data properties

Organization Management

Recipient Management

Remote mailboxes

Organization Management

Recipient Management

Retention and legal holds

Organization Management

Recipient Management

Records Management

Send As

Organization Management

Recipient Management

Spelling configuration

Organization Management

Recipient Management

Help Desk

Unified Messaging

Organization Management

UM Management

User mailboxes

Organization Management

Recipient Management

 © 2010 Microsoft Corporation. All rights reserved.