Recipients Permissions

The permissions required to perform tasks to manage recipients vary depending on the procedure being performed or the cmdlet you want to run.

To find out what permissions you need to perform the procedure or run the cmdlet, do the following:

  1. In the table below, find the feature that is most related to the procedure you want to perform or the cmdlet you want to run.

  2. Next, look at the permissions required for the feature. You must be assigned one of those role groups, an equivalent custom role group, or an equivalent management role. You can also click on a role group to see its management roles. If a feature lists more than one role group, you need to be assigned to only one of the role groups to use the feature. For more information about role groups and management roles, see Understanding Role Based Access Control.

  3. Now, run the Get-ManagementRoleAssignment cmdlet to look at the role groups or management roles assigned to you to see if you have the permissions that are necessary to manage the feature.

    Note

    You must be assigned the Role Management management role to run the Get-ManagementRoleAssignment cmdlet. If you don't have permissions to run the Get-ManagementRoleAssignment cmdlet, ask your Exchange administrator to retrieve the role groups or management roles assigned to you.

If you want to delegate the ability to manage a feature to another user, see Delegate role assignments.

Mailbox server permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Calendar repair, server configuration Organization Management
Server Management
Delegating Mailbox servers Organization Management
Email address policies Organization Management
Server Management
Exchange Search Organization Management
View-Only Organization Management
Server Management
Exchange Search - diagnostics Organization Management
View-Only Organization Management
Support Diagnostics role
Note:: The Support Diagnostics role isn't assigned to a role group. For more information, see Add a Role to a User or USG.
Group metrics Organization Management
Server Management
Import Export Mailbox Import Export role
Note:: The Mailbox Import Export role isn't assigned to a role group. For more information, see Mailbox Import Export Role.
Mailbox Assistants Organization Management
Server Management
Mailbox moves Organization Management
Recipient Management
Mailbox recovery Organization Management
Mailbox repair request Organization Management
Server Management
Recipient Management
Mailbox restore request Organization Management
Mailbox server configuration Organization Management
Server Management
Manage Exchange Search Indexer service on a Mailbox server Local Administrator on the Mailbox server
MAPI connectivity Organization Management
Server Management
OAB virtual directories Organization Management
Server Management
Remove store mailbox Organization Management
Server Management

Calendar and sharing permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Calendar configuration Organization Management
Recipient Management
Help Desk
Calendar diagnostics Organization Management
Records Management
Hygiene Management
Compliance Management
Help Desk
Calendar processing Organization Management
Recipient Management
Help Desk
Notifications Organization Management
Recipient Management
Organization relationships Organization Management
Sharing policies Organization Management

Resource mailbox configuration permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Booking policies Organization Management
Recipient Management
Help Desk
Delegation Organization Management
Recipient Management
Resource mailbox schema configuration Organization Management

Mailbox database permissions

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Mailbox databases Organization Management
Server Management

Recipient provisioning permissions

This table contains the various permissions that are required to manage recipients.

Users who are assigned the View-Only Management role group can view the configuration of the features in the following table. For more information, see View-only Organization Management.

Feature Permissions required
Address list, GAL Organization Management
Antispam Organization Management
Recipient Management
Apps for Outlook Organization Management
View-Only Organization Management
Help Desk
Applying sharing policies Organization Management
Recipient Management
Arbitration Organization Management
Archive connectivity Organization Management
View-Only Organization Management
Server Management
Assigning offline address books Organization Management
Recipient Management
Automatic replies Organization Management
Recipient Management
Help Desk
Calendar configuration Organization Management
Recipient Management
Calendar repair Organization Management
Recipient Management
Contact aggregation settings Organization Management
Recipient Management
View-Only Organization Management
Convert mailboxes Organization Management
Recipient Management
Disconnected mailboxes Organization Management
Recipient Management
Help Desk
Distribution groups Organization Management
Recipient Management
Dynamic distribution groups Organization Management
Recipient Management
Email addresses Organization Management
Recipient Management
UM Management
Inbox rules Organization Management
Recipient Management
Help Desk
Mail contacts Organization Management
Recipient Management
Mail tips Organization Management
Recipient Management
Mail user Organization Management
Recipient Management
Mailbox folder permissions Organization Management
Recipient Management
Help Desk
Mailbox folders Organization Management
Recipient Management
MAPI connectivity Organization Management
Message configuration Organization Management
Recipient Management
Help Desk
Message quotas Organization Management
Recipient Management
Moderation Organization Management
Recipient Management
Permissions and delegation Organization Management
Archive mailboxes Organization Management
Recipient Management
Recipient data properties Organization Management
Recipient Management
Remote mailboxes Organization Management
Recipient Management
Retention and legal holds Organization Management
Recipient Management
Records Management
Send As Organization Management
Recipient Management
Spelling configuration Organization Management
Recipient Management
Help Desk
Unified Messaging (in Exchange 2016; not available in Exchange 2019) Organization Management
UM Management
User mailboxes Organization Management
Recipient Management
User photos Organization Management
Recipient Management
Help Desk

Mailbox move and migration permissions

The table contains the permissions that are required to move on-premises mailboxes to different domains or forests and to migrate on-premises mailboxes to and from your cloud-based organization.

Feature Permissions required
Mailbox moves (local or cross-forest) Organization Management
Recipient Management
Mailbox moves (hybrid deployment) Organization Management
Recipient Management
Migration (on-boarding and off-boarding from the cloud) Organization Management
Recipient Management