The Exchange Administration Delegation Wizards allows you to define roles at the organization level, or at the administrative group level. Where you define a role, combined with the role that you grant may create “effective” permissions. Effective permissions are permissions granted as a side-effect of a granted permission. For example, when you assign a group view-only permissions at the Organization level, the group will also have view-only permissions at the Administrative Group level. Thus, the effective, or actual, permissions of the group are view-only at both the Organization and Administrative Group levels.
More specifically, at the administrative group level:
Additionally, at the organization level:
The following table provides a summary of the effective permissions versus the granted permissions.
Granted Permissions | AG: View | AG: Admin | AG: Full Admin | ORG: View | ORG: Admin | ORG: Full Admin |
---|---|---|---|---|---|---|
AG: Exchange View Only Administrator | Yes | None | None | Yes | None | None |
AG: Exchange Administrator | Yes | Yes* | None | Yes | None | None |
AG: Exchange Full Administrator | Yes | Yes* | Yes* | Yes | None | None |
ORG: Exchange View Only Administrator | Yes | None | None | Yes | None | None |
ORG: Exchange Administrator | Yes | Yes | None | Yes | Yes | None |
ORG: Exchange Full Administrator | Yes | Yes | Yes | Yes | Yes | Yes |
* = Local administrative group only AG = Administrative group level ORG = Organization level