RBAC in Office 365.


  • I asked this question in the Office 365 community and have not been satisfied with the answer. It involves the limited information availble concerning the exact permissions assigned to the Administrator Roles in the Admin Portal. I asked my question in this thread:

    Most of the replies I have gotten have related to information on the management roles in Exchange and Exchange Online. Below is a quote where I summed up my question.

    "The focus of my question was about management of administrative roles. Without a good understanding of the administrative functions of a role it is difficult to properly manage them. When assigning the role Password Administrator it may be surprising to some to find out that that role provides full read access to EMC and Forefont Online Protection for Exchange features and full administrative control to Lync Online.

    In the PowerShell access to Exchange Online there is a very strong set of cmdlets for reviewing and managing the RBAC used. The reason for this is likely that the session is providing access to existing RBAC cmdlets on the Exchange Servers.

    The Microsoft Online Service Module has only very basic controls. The information provided by the cmdlet Get-MsolRole is very limited as you can see by the list a names and descriptions below.

    Name Description

    ---- -----------

    Service Support Administrator Service Support Administrator has access to perform common support tasks.

    Billing Administrator Billing Administrator has access to perform common billing related tasks.

    User Account Administrator User Account Administrator has access to perform common user management related tasks.

    Helpdesk Administrator Helpdesk Administrator has access to perform common helpdesk related tasks.

    Company Administrator Company Administrator role has full access to perform any operation in the company scope.

    The information for the critical function of managing administrative roles is not available in PowerShell. Is there a location where the information in publicly available?"

    יום חמישי 31 מאי 2012 18:22

כל התגובות

  • Four and a half years later and still no answer, still no details available via PowerShell, still no public MS/TechNet articles on the matter.

    I would really like to know what actions/tasks/settings the HelpDesk Administrator role grants access to. I guess we will have to test it out and try to collect this information ourselves? We really need a solution to be able to give our first couple levels of helpdesk staff access to 365 without giving them complete control over an entire enterprise application such as Exchange, Sharepoint, Skype, etc.

    Nothing from MS? Nothing from the forum gurus?

    יום שלישי 11 אוקטובר 2016 13:29