Roles

You assign permissions to a Windows NT account, user, or group by assigning a role to that account, user, or group. A role is a predetermined set of permissions that defines the access of a user or group to an object. Microsoft Exchange Server provides several default roles for directory access. Administrators can define custom roles to suit the needs of the site or organization.

The default roles for Microsoft Exchange Server directory object access and their associated permissions are shown in the following table.

Default Roles and Associated Permissions

Role Permissions
Admin Add child object, modify user and administrator attributes, delete objects, logon
Permissions admin Add child object, modify user and administrator attributes, delete objects, logon, modify existing permissions
Service acct admin Add child object, modify user and administrator attributes, delete objects, send messages as another user, , logon, replicate changed objects, modify existing permissions, act as mailbox owner
View-only admin Logon only
User Modify user attributes, send as this user, act as mailbox owner
Send as Send as this user

Note Microsoft Exchange Server roles and the permissions they encompass are not influenced by the Windows NT rights assigned to the user.