Managing distribution group permissions
In the Exchange server releases prior to Exchange 2010, in order to allow a user to manage a distribution group, we just had to add the user to the distribution group owner. This changed with Exchange 2010; and later, it was released due to the introduction of a new model of delegation called role-based access control (RBAC).
Due to the introduction of RBAC in Exchange 2010 and later, if you assign the owner permission to a user for a distribution group and he tries to modify the membership of the group through Outlook, the user will get the following error:
In order to fix this issue, we need to understand how the RBAC model works. We will review RBAC from a distribution group management perspective here, and later on in Chapter 4, Exchange Security we will take a deep dive into the concepts.
RBAC enables administrators to control delegation at a very granular level; this is something that other specialist users, helpdesk administrators, and end users...
