Dear Frank
Sorry for the late, and let me elaborate more what I want to do. Yes I mean moderation with tranport rule and the below is what I want.
When the users add new transport rules in the rules action of the mail control of the ECP, I want to use RBAC to limit the user to create only moderation transport rule for their subordinate.
Firstly, I created a new role called Finance Moderation Roles by using the below command
new-managementrole -name "Finance Moderation Roles" -Parent "transport rules"
Then I remove the unused parameters of the new-transportrule role entries so that user can only add moderation transport rule by using the below commands
remove-managementroleentry "Finance Moderation Roles\New-TransportRule"
Add-ManagementRoleEntry "Finance Moderation Roles\New-TransportRule" -Parameters AdComparisonAttribute.......
Then I created a Management Role called Finance Mailboxes by using the below command
New-ManagementScope -Name "Finance Mailboxes" -RecipientRoot "demo.technergy.local/Users" -RecipientRestrictionFilter {memberOfGroup -eq "Finance"}
Then I created a new Role Group and then assign the above Role and management scope to this role group
new-rolegroup -name "Finance Moderation Role Group" -Roles "Finance Moderation Roles" -CustomReceipientWriteScope "Finance Mailboxes"
At last, I add new members to this Role group in the ECP.
After I did above command, the users in the Role Group can only see moderation transport rules such as "Forward the message for approval" in the ECP but when the users select the sender of this moderation transport rule, the full GAL will be shown and all
users can be selectd.
Use Role Base Access Control to control the users to create moderation rules for only specific users in a NT group or OU via ECP
