Learn more about administrator roles


Applies to: Exchange Online, Exchange Server, Exchange Server 2013

Management roles provide access to view or modify the configuration of Exchange 2013 components such as mailboxes, transport rules, and recipients. When a specific management role is applied to a role group, the members of the role group can perform the tasks permitted by the management role. Most roles grant permissions to manage the Exchange 2013 organization and servers, while other roles grant specialist users the ability to configure document retention policies, perform mailboxes searches for compliance purposes, and so on. Additional roles, called end-user roles, determine what users can manage in their own mailboxes. End-user roles can only be applied to management role assignment policies, and not role groups. For more information about roles, see Understanding management roles.

Exchange 2013 provides a set of built-in roles that you can apply to role groups. For a list of roles you can apply to role groups, see Built-in management roles. Built-in roles beginning with “My” can’t be applied to role groups.

The large selection of roles should give you the flexibility to create role groups to match your organization’s needs. However, if there isn’t a role that suits your needs, you can create a new role. After you create the role, you’ll be able to select it from the Roles field. For more information about how to create a role, see Create a role.


Creating roles is an advanced task. Before you create a new role, you’ll need to also understand management role assignments, management role entries, and other advanced Role Based Access Control (RBAC) concepts. For more information about RBAC, see Understanding Role Based Access Control.