Summary
Permission management is an essential task for any messaging administrator. Exchange Server and Exchange Online both use the same permission model that was originally introduced in Exchange 2010 called Role-Based Access Control (RBAC).
This module examined how RBAC enables you to control what administrators and end users can do at both broad and granular levels. You also learned how RBAC enables you to closely align the roles you assign users and administrators to the actual roles they hold within your organization.
This module examined the basics of administrator roles that are managed through RBAC. Management role groups associate management roles to a group of administrators or specialist users that need to complete administrative tasks. You learned how to add or remove users to or from role groups. This process is how you most often assign permissions to administrators or specialist users.
You were then introduced to the built-in role groups provided in Exchange. Each group provides permissions to manage specific areas in Exchange. You also learned how to create custom management role groups. Custom groups may be necessary if the built-in RBAC management role groups don't provide sufficient permissions for all your company job roles.
You then examined the steps necessary to troubleshoot permission issues related to RBAC roles and role groups in Exchange.
Lastly, you examined how PIM enables organizations to minimize the number of people who have access to secure information or resources. By doing so, PIM reduces the chance of a malicious actor getting that access, or an authorized user inadvertently impacting a sensitive resource.