Export (0) Print
Expand All

Understanding User Roles and Permissions

 

Applies to: Forefront Online Protection for Exchange

Topic Last Modified: 2012-04-20

For each Forefront Online Protection for Exchange (FOPE) service, users are assigned to specific roles. Each role has a unique set of permissions that define access to and rights to use specific functions in the FOPE Administration Center. The table below lists each role and its permissions level in the FOPE Administration Center.

 

Role Permissions

Administrator

The Administrator has full access to all service settings and can do the following:

  • Manage all company settings and properties.
  • Manage all domains (create, modify, and delete).
  • View audit trail information.
  • Manage all user account information (create, modify, and delete). In order to Import Users From File, the permission must be granted at the Company level.
  • Assign FOPE and Exchange Hosted Archive (EHA) permissions and Roles.
  • Assign FOPE and EHA permissions and roles.
  • Manage the DST. Permissions must be granted at the Company level.
  • Create and run reports.
  • Subscribe to RSS feeds.
  • Manage Spam Filtering and Policy Filtering settings for all user accounts.
  • View all quarantined email for all users.

Administrator (read-only)

The Read-Only Administrator role has access to company and domain settings and can do the following:

  • View all company settings and properties.
  • View all domain settings.
  • View audit trail information.
  • View all user account information.
  • Create and run reports.
  • Subscribe to RSS feeds.
  • Run message trace.

Reporting User

The Reporting User has access to reporting features and can do the following:

  • Create and run reports.
  • Trace messages.

Account Manager

The Account Manager has access to user account management features and can do the following:

  • View all company settings and properties.
  • View all domain settings.
  • Manage all user account information (create, modify, and delete). In order to Import Users From File, the permission must be granted at the Company level.
  • Manage the DST. Permission must be granted at the Company level.
  • Note: this role cannot change passwords for Administrators.

Quarantine Administrator

The Quarantine Administrator has access to spam-quarantined and policy-quarantined messages and can do the following: View all quarantined email for all users.

Archive Relationship Administrator

The Archive Relationship Administrator has access to user relationships for the hosted archive service and can do the following: View and modify user relationships for hosted archive users.

Archive Retention Administrator

The Archive Retention Administrator has access to retention policy settings for the hosted archive service and can do the following: View and modify retention policy settings for the hosted archive service.

Archive Roles Administrator

The Archive Roles Administrator can view and modify user roles for EHA Viewer users and do the following: Create custom user roles for the Archive Viewer users.

Archive Compliance Administrator

The Archive Compliance Administrator has access to compliance-related settings and can do the following: View and modify compliance-related settings in the FOPE Administration Center.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft