Applies to: Exchange Server 2013
Topic Last Modified: 2013-02-21
The permissions required to perform tasks to manage recipients vary depending on the procedure being performed or the cmdlet you want to run.
To find out what permissions you need to perform the procedure or run the cmdlet, do the following:
- In the table below, find the feature that is most related to
the procedure you want to perform or the cmdlet you want to
run.
- Next, look at the permissions required for the feature. You
must be assigned one of those role groups, an equivalent custom
role group, or an equivalent management role. You can also click on
a role group to see its management roles. If a feature lists more
than one role group, you only need to be assigned one of the role
groups to use the feature. For more information about role groups
and management roles, see Understanding Role Based
Access Control.
- Now, run the Get-ManagementRoleAssignment cmdlet to look
at the role groups or management roles assigned to you to see if
you have the permissions that are necessary to manage the
feature.
Note:You must be assigned the Role Management management role to run the Get-ManagementRoleAssignment cmdlet. If you don't have permissions to run the Get-ManagementRoleAssignment cmdlet, ask your Exchange administrator to retrieve the role groups or management roles assigned to you.
If you want to delegate the ability to manage a feature to another user, see Delegate Role Assignments.
Mailbox server permissions
Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.
| Feature | Permissions required | ||
|---|---|---|---|
|
Calendar repair, server configuration |
|||
|
Delegating Mailbox servers |
|||
|
Email address policies |
|||
|
Exchange Search |
|||
|
Exchange Search – diagnostics |
View-Only Organization Management Support Diagnostics role
|
||
|
Group metrics |
|||
|
Import Export |
Mailbox Import Export role
|
||
|
Mailbox Assistants |
|||
|
Mailbox moves |
|||
|
Mailbox recovery |
|||
|
Mailbox repair request |
|||
|
Mailbox restore request |
|||
|
Mailbox server configuration |
|||
|
Manage Exchange Search Indexer service on a Mailbox server |
Local Administrator on the Mailbox server |
||
|
MAPI connectivity |
|||
|
OAB virtual directories |
|||
|
Remove store mailbox |
Calendar and sharing permissions
Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.
| Feature | Permissions required |
|---|---|
|
Calendar configuration |
|
|
Calendar diagnostics |
|
|
Calendar processing |
|
|
Notifications |
|
|
Organization relationships |
|
|
Sharing policies |
Resource mailbox configuration permissions
Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.
| Feature | Permissions required |
|---|---|
|
Booking policies |
|
|
Delegation |
|
|
Resource mailbox schema configuration |
Mailbox database permissions
Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.
| Feature | Permissions required |
|---|---|
|
Mailbox databases |
Recipient provisioning permissions
This table contains the various permissions that are required to manage recipients.
Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-Only Organization Management.
| Feature | Permissions required | |
|---|---|---|
|
Address list, GAL |
||
|
Anti-spam |
||
|
Apps for Outlook |
||
|
Applying sharing policies |
||
|
Arbitration |
||
|
Archive connectivity |
||
|
Assigning offline address books |
||
|
Automatic replies |
||
|
Calendar configuration |
||
|
Calendar repair |
||
|
Contact aggregation settings |
||
|
Disconnected mailboxes |
||
|
Distribution groups |
||
|
Dynamic distribution groups |
||
|
Email addresses |
||
|
Inbox rules |
||
|
Mail contacts |
||
|
Mail tips |
||
|
Mail user |
||
|
Mailbox folder permissions |
||
|
Mailbox folders |
||
|
MAPI connectivity |
||
|
Message configuration |
||
|
Message quotas |
||
|
Moderation |
||
|
Permissions and delegation |
||
|
Archive mailboxes |
||
|
Recipient data properties |
||
|
Remote mailboxes |
||
|
Retention and legal holds |
||
|
Send As |
||
|
Spelling configuration |
||
|
Unified Messaging |
||
|
User mailboxes |
||
|
User photos |
Mailbox move and migration permissions
The table contains the permissions that are required to move on-premises mailboxes to different domains or forests and to migrate on-premises mailboxes to and from your cloud-based organization.
| Feature | Permissions required |
|---|---|
|
Mailbox moves (local or cross-forest) |
|
|
Mailbox moves (hybrid deployment) |
|
|
Migration (on-boarding and off-boarding from the cloud) |