You assign permissions to a Windows NT account, user, or group by assigning a role to that account, user, or group. A role is a predetermined set of permissions that defines the access of a user or group to an object. Microsoft Exchange Server provides several default roles for directory access. Administrators can define custom roles to suit the needs of the site or organization.
The default roles for Microsoft Exchange Server directory object access and their associated permissions are shown in the following table.
Default Roles and Associated Permissions
| Role | Permissions |
|---|---|
| Admin | Add child object, modify user and administrator attributes, delete objects, logon |
| Permissions admin | Add child object, modify user and administrator attributes, delete objects, logon, modify existing permissions |
| Service acct admin | Add child object, modify user and administrator attributes, delete objects, send messages as another user, , logon, replicate changed objects, modify existing permissions, act as mailbox owner |
| View-only admin | Logon only |
| User | Modify user attributes, send as this user, act as mailbox owner |
| Send as | Send as this user |
Note Microsoft Exchange Server roles and the permissions they encompass are not influenced by the Windows NT rights assigned to the user.