Edit Role Group Properties

  • Article

Applies to: Office 365 for enterprises, Live@edu

Use the Role Group dialog box to view or change the configuration of the role group.

  • Name
    A unique, descriptive name for the role group.
  • Description
    A description of the role's capabilities.

  • Write Scope
    The write scope defines the administrative boundary of the roles assigned to the role group. In other words, the write scope defines where members of the role group can make changes.

    When you select a write scope from the drop-down list, it is applied to all the roles that are assigned to the role group. You can select from two kinds of write scopes:

    • Default   This is the implicit write scope that applies to all the roles assigned to the role group. For built-in administrator roles that allow users to modify objects, the default write scope is the entire organization.
    • Custom   These are custom write scopes you created using the New-ManagementScope cmdlet.
      • Cloud-based organizations can create custom write scopes based on recipient filters. For example "All users where CustomAttribute1 contains 'students'".
      • On-premises implementations of Microsoft Exchange Server 2010 can also create custom write scopes based on Exchange Server attributes, Exchange database attributes, or organizational units.
        Note   Exclusive write scopes don't appear in the drop down list. An exclusive write scope isolates specific mailboxes so they can be managed by designated administrators only. For more information, see Create Exclusive Write Scopes.

    If any of the following conditions are true, you can't view or change the write scope here:

    • An end-user role is assigned to the role group.
    • A role is assigned to the role group using a different write scope than the other roles.
    • Roles are assigned to the role group using exclusive write scopes.

    To view or change the write scope of role assignments that you can't manage here, you can use the Get-ManagementRoleAssignment or Set-ManagementRoleAssignment cmdlets.

  • Organizational Unit
    This option is only available in on-premises implementations of Exchange 2010.

    Type the name of an existing organizational unit (OU) to define the write scope boundary for the roles assigned to the role group. For example, if you specify the value, contoso.com/users/americas, and assign the Recipient Management role to the role group, members of the role group can manage recipients in the contoso.com/users/americas OU only.

    Note   If any of the following conditions are true, you can't view or change the write scope here:

    • An end-user role is assigned to the role group.
    • A role is assigned to the role group using a different write scope than the other roles.
    • Roles are assigned to the role group using exclusive write scopes.

    To view or change the write scope of role assignments that you can't manage here, you can use the Get-ManagementRoleAssignment or Set-ManagementRoleAssignment cmdlets.

  • Roles
    Use this section to add or remove the administrator roles that are assigned to the selected role group. You can add or remove built-in roles or custom roles.

    When you add a role, you add the capabilities of the role to the role group members. To add a role, click Add.

    When you remove a role, you remove the capabilities of the role from the role group members. To remove a role, select the role and click Remove.

    After you add or remove roles from the role group, the affected users may need to log off and back on again to see the changes.

    Note   If any of the following conditions are true, you can't add or remove roles here:

    • An end-user role is assigned to the role group.
    • A role is assigned to the role group using a different write scope than the other roles.
    • Roles are assigned to the role group using exclusive write scopes.

    To add or remove a role from these kinds of role groups, you can use the New-ManagementRoleAssignment or Remove-ManagementRoleAssignment cmdlets.

  • Members
    Use this section to add or remove role group members.

    When you add a member, you are assigning permissions to perform the administrative tasks assigned to the role group. You can add users, security groups, or other role groups. To add members to the role group, click Add.

    When you remove members from a role group, the users won't be able to perform the administrative tasks assigned to the role group. To remove a member from the role group, select the member and click Remove.

    After you add or remove members from the role group, the affected users may need to log off and back on again to see the changes.