Today I need to configure Role Based Access Control (RBAC) within Exchange 2010. The people in the helpdesk department must be able to set Send-As permissions on the mailboxes. To configure RBAC within Exchange 2010, you can use the RBAC User Editor from the Exchange 2010 toolbox.
By default there are a few preconfigured management roles, each with its own rights and permissions. In my case I added the people from the Helpdesk department to the "Recipient Management" role group. But to set Send-As permissions, they need some additional rights.
With the following command, you can extend the role group "Recipient Management" so that its members are able to configure Send-As permissions on a specific mailbox. The catch here is that Send-As is an Active Directory permission, so the role group also needs the role "Active Directory Permissions".
New-ManagementRoleAssignment -Name "ADPermissions Recipient Mgmt" -Role "Active Directory Permissions" -SecurityGroup "Recipient Management"
Get-ManagementRole "Active Directory Permissions" | fl
Get-RoleGroup -Identity "Recipient Management" | fl
Now the members of the role group "Recipient Management" also have the ability to change or configure Send-As permissions. You can also do this through the GUI by double-clicking the group "Recipient Management" and adding the specific management role. See the screenshots below.
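To check what the new assignment actually delegates, the following added example (not part of the original post) confirms the assignment and its write scope, lists every cmdlet the "Active Directory Permissions" role carries, shows who receives it through the role group, and then sets and reads back a Send-As permission. The mailbox alias and delegate account are placeholder values to replace with your own.

```powershell
# Run in the Exchange Management Shell. Steps 1-3 are read-only;
# step 4 changes a permission and is meant to be run by a helpdesk member.
$RoleGroup = "Recipient Management"
$Role      = "Active Directory Permissions"
$Mailbox   = "shared-sales"      # placeholder mailbox alias
$Delegate  = "CONTOSO\jdoe"      # placeholder account that should get Send-As

# 1. Confirm the assignment exists and see which scope it applies to.
$assignment = Get-ManagementRoleAssignment -Role $Role -RoleAssignee $RoleGroup
if (-not $assignment) {
    throw "Role '$Role' is not assigned to role group '$RoleGroup'."
}
$assignment | Format-List Name, Role, RoleAssigneeName, RecipientWriteScope, ConfigWriteScope

# 2. List every cmdlet the role grants, so it is clear what the helpdesk
#    can now run in addition to setting Send-As.
Get-ManagementRoleEntry "$Role\*" | Sort-Object Name | Format-Table Name -AutoSize

# 3. List the users who hold the role through the role group.
Get-ManagementRoleAssignment -Role $Role -GetEffectiveUsers |
    Where-Object { $_.RoleAssigneeName -eq $RoleGroup } |
    Select-Object EffectiveUserName, RoleAssigneeName, AssignmentMethod

# 4. Grant Send-As on one mailbox, then read the explicit entries back.
$dn = (Get-Mailbox -Identity $Mailbox).DistinguishedName
Add-ADPermission -Identity $dn -User $Delegate -ExtendedRights "Send As"
Get-ADPermission -Identity $dn |
    Where-Object { $_.ExtendedRights -like "*Send-As*" -and -not $_.IsInherited } |
    Format-Table Identity, User, Deny, IsInherited -AutoSize
```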