|< Day Day Up >|| |
The Exchange Administration Delegation wizard is designed to simplify the assignment of Exchange permissions by using Exchange administrator roles (Figure 3.10). A role is simply a collection of rights and privileges that defines a user’s or administrator’s access to objects held within an Active Directory container.
Figure 3.10: Exchange Administration Delegation wizard
Permissions are granted in ESM at either the Exchange organizational level or at an administrative group level. The objects that can be managed are determined by where you start the Exchange Administration Delegation wizard. If you select the Exchange organization before starting the wizard, the administrative permissions will be granted to all Exchange objects in the organization. Similarly, if you start the wizard after selecting an administrative group, then the scope of the permissions is limited to the objects in the selected administrative group.
Exchange provides the following set of predefined roles:
Exchange Full Administrator. The Exchange Full Administrator role is designed for those administrators who need full control over the entire Exchange organization. Users who are assigned this role can fully administer all Exchange system information and can modify permissions.
Exchange Administrator. All permissions needed to manage mailboxes or to perform normal day-to-day management are included in the Exchange Administrator role. If you use the predefined roles, the Exchange Administrator role typically would be assigned to administrators and system managers. It includes all of the permissions available with the Exchange Full Administrator role except the ability to modify permissions.
Exchange View Only Administrator. This role provides view-only access to the selected objects. It can be used in conjunction with other permissions to allow administrators to view organizational information for administrative groups that they are not administering.
You can start the Exchange Administration Delegation wizard from within ESM by right-clicking on either the Exchange organization object or an administrative group object and selecting Delegate control.
|< Day Day Up >|| |