Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
If you want to customize the permissions that you assign to a group of end users, create a new custom management role assignment policy. The assignment policy you create can be customized to suit your end user's specific requirements. For more information about assignment policies in Microsoft Exchange Server 2010, see Understanding Management Role Assignment Policies.
After you've created the new assignment policy, you assign users to it. For more information, see Change the Assignment Policy on a Mailbox.
Looking for other management tasks related to end users? Check out Managing End Users.
Use the ECP to create a new assignment policy
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Assignment policies" entry in the Role Management Permissions topic.
 Note: |
|---|
| You can only create explicit assignment policies using the Exchange Control Panel (ECP). If you want to create a new default assignment policy, you must use the Exchange Management Shell. For more information, see the "Use the Shell to create a default assignment policy" section later in this topic. |
- In the EMC, navigate to Toolbox in the console tree.
- In the work pane, double-click Role Based Access Control
(RBAC) User Editor to open the user editor in the Exchange
Control Panel (ECP).
- Provide credentials in the Domain\user name and
Password fields for an account that has the permissions
needed to open the user editor in the ECP. Click Sign
in.
- Click the User Roles tab.
- Click New under Role Assignment Policies.
- In the Name field, enter the name of the new assignment
policy.
- In the Description field, provide a short description of
the purpose for the assignment policy.
- Select the check box next to the role or roles you want to add
to the assignment policy. You can select multiple roles, including
end-user roles you've added. If you select a role that has child
roles, the child roles are automatically selected.
- Click Save to save the changes to the assignment
policy.
Use the Shell to create an explicit assignment policy
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Assignment policies" entry in the Role Management Permissions topic.
To create an explicit assignment policy that can be manually assigned to mailboxes, use the following syntax.
 Copy Code |
|
|---|---|
New-RoleAssignmentPolicy <assignment policy name> -Roles <roles to assign> |
|
This example creates the explicit assignment policy
Limited Mailbox Configuration and assigns the
MyBaseOptions, MyAddressInformation, and
MyDisplayName roles to it.
| Copy Code |
|
|---|---|
New-RoleAssignmentPolicy "Limited Mailbox Configuration" -Roles MyBaseOptions, MyAddressInformation, MyDisplayName |
|
For detailed syntax and parameter information, see New-RoleAssignmentPolicy.
Use the Shell to create a default assignment policy
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Assignment policies" entry in the Role Management Permissions topic.
To create a default assignment policy assigned to new mailboxes, use the following syntax.
| Copy Code |
|
|---|---|
New-RoleAssignmentPolicy <assignment policy name> -Roles <roles to assign> -IsDefault |
|
This example creates the default assignment policy
Limited Mailbox Configuration and assigns the
MyBaseOptions, MyAddressInformation, and
MyDisplayName roles to it.
| Copy Code |
|
|---|---|
New-RoleAssignmentPolicy "Limited Mailbox Configuration" -Roles MyBaseOptions, MyAddressInformation, MyDisplayName -IsDefault |
|
For detailed syntax and parameter information, see New-RoleAssignmentPolicy.
Other Tasks
After you create a new assignment policy, you may also want to: