Managing Role Based Access Control
Let's try to understand the different components of RBAC in the following triangle:
You will now explore managing role-based access control in depth, so let's see what's in store for you.
Where (scope)
This defines where the assignment that you are going to define works. It could be on a particular organizational unit, a group of users, or even objects in the configuration container, such as a group of Exchange servers or specific databases.
Each RBAC role has a recipient read and write scope and a configuration read and write scope. The built-in management roles have these scopes assigned implicitly. To get a list of the implicit scopes for the default RBAC roles, type the following command:
Get-ManagementRole | FL Name, *Scope*
As we have covered in Chapter 3, Handling Distribution Groups, if you would like to modify any of the default RBAC roles, you have to create a new role, which is a child of one of these default roles. Then, modify this child role...
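The following added example (not from the book) walks through the scope concept end to end in the Exchange Management Shell: it reviews broad implicit scopes, creates a child of the built-in Mail Recipients role, trims it, and assigns it with a custom write scope. The OU contoso.com/Sales, the group Sales Helpdesk, the keep-list of cmdlets, and the role, scope and assignment names are all hypothetical.

```powershell
# Added example. Hypothetical names: OU 'contoso.com/Sales', existing universal
# security group 'Sales Helpdesk', and every -Name value used below.

# 1. Review which built-in roles can write to recipients organization-wide.
Get-ManagementRole |
    Where-Object { $_.ImplicitRecipientWriteScope -eq 'Organization' } |
    Sort-Object Name |
    Format-Table Name, ImplicitRecipientReadScope, ImplicitRecipientWriteScope -AutoSize

# 2. Define the "where": only user mailboxes under the Sales OU.
New-ManagementScope -Name 'Sales Mailboxes' `
    -RecipientRoot 'contoso.com/Sales' `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'"

# 3. Built-in roles cannot be edited, so create a child role to modify.
New-ManagementRole -Name 'Sales Mail Recipients' -Parent 'Mail Recipients'

# 4. Trim the child role to an illustrative keep-list of cmdlets (least privilege).
$keep = 'Get-Mailbox', 'Set-Mailbox', 'Get-Recipient'
Get-ManagementRoleEntry 'Sales Mail Recipients\*' |
    Where-Object { $keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 5. Assign the trimmed role to the group, overriding the inherited
#    organization-wide write scope with the custom scope from step 2.
New-ManagementRoleAssignment -Name 'Sales Mail Recipients-Sales Helpdesk' `
    -Role 'Sales Mail Recipients' `
    -SecurityGroup 'Sales Helpdesk' `
    -CustomRecipientWriteScope 'Sales Mailboxes'

# 6. Verify the effective scopes on the new assignment.
Get-ManagementRoleAssignment -Role 'Sales Mail Recipients' |
    Format-List Name, RoleAssigneeName, RecipientReadScope, RecipientWriteScope, CustomRecipientWriteScope
```

The read scope stays at the value inherited from the parent role; only the write scope is narrowed, so members can still look up recipients outside the Sales OU but cannot change them.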