Remove a Role from an Assignment Policy

Applies to: Exchange Server 2010

If you don't want end users to have permissions to manage features of their mailbox or distribution group, you can remove the management role assignment between their management role assignment policy and the management role that grants the permissions. If other users are assigned the same assignment policy, they also lose the ability to manage that feature. For more information about assignment policies and management role assignments in Microsoft Exchange Server 2010, see the following topics:

• Understanding Management Role Assignment Policies
• Understanding Management Role Assignments

Looking for other management tasks related to end users? Check out Managing End Users.

Use the Shell to remove a role from an assignment policy

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Assignment policies" entry in the Role Management Permissions topic.

1. To find the name of the management role assignment that assigns the role to the assignment policy, use the following syntax.

   Get-ManagementRoleAssignment -RoleAssignee <assignment policy name>
   

2. Find the name of the role assignment you want to remove from the assignment policy in the list returned.

3. To remove the role assignment from the assignment policy, use the following syntax.

   Remove-ManagementRoleAssignment <role assignment name>
   

This example removes the management role that enables users assigned the Seattle Users assignment policy to manage their voice mail options.

Get-ManagementRoleAssignment -RoleAssignee "Seattle Users"

In this example, the role assignment MyVoicemail_SeattleUsers is returned. The MyVoicemail management role controls the voice mail options users can manage. Because of a standardized naming policy, the role assignment name was appended with the name of the assignment policy that the role is assigned to, MyVoicemail_SeattleUsers. This name can be used in the following command.

Remove-ManagementRoleAssignment MyVoicemail_SeattleUsers

For detailed syntax and parameter information, see Remove-ManagementRoleAssignment.

Other Tasks

After you remove a role from an assignment policy, you may also want to:

• View a List of Roles on an Assignment Policy