This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 52%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hello,
from time to time my organization hires a temporary contractor to do specific task.
I'd like to separate such person from my organization's resources - I mean files, distribution lists, Office 365 groups, shared mailboxes, conference rooms etc. Why? Because I don't want them to see who works here, organization structure, departments, naming convention etc. Such "privileges" should only be given to regular workers.
What is the most efficient way to do it? I've tried address book policies but from contractors' account there is still access to regular users' profile cards (for example), organization data etc. I think you get the idea. I know that there may not be a all in one solution but I'd like to be as close to it as possible.
In short, contractors should only have access to workers from its department or team, at most.
Could you recommend something?
Address book policies are being superseded by Information barriers, those are your best shot currently: https://learn.microsoft.com/en-us/microsoft-365/compliance/information-barriers?view=o365-worldwide
Hi,
thank you for the suggestion, seems interesting but:
So unfortunately, that cannot be the solution.
@BS
Exchange online server doesn't have such function now. Exchange online RBAC can only configured as below:
Exchange online RBAC cannot spilt permission by department, such as team A can only manage users in department a. For more detail information about permission in Exchange online, you can have a look about this article: Permissions in Exchange Online
You can have a try with the Office 365 suggestion as michev said, if you doesn't familiar with it, you can create a service request to Office 365 team.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
thank you for the answer. IMO RBAC roles are not ideal cause there are many predefined roles and they are not customizable, especially with each particular resource such as profile card visibility. They are OK when it comes to administration delegation but don't work good enough with standard users.
RBAC is customizable, you can have a look about this article: Using Role-based Access Control (RBAC) To Manage Administrator Permissions
It could split management permission, but it can only based on permission rather than users. So, it still doesn't suitable for you.
You could post your function demand in user voice, other users will vote on your suggestion, it may make this feature appear in future versions.