Administrator Roles Tab

Applies to: Office 365 for enterprises, Live@edu

Topic Last Modified: 2010-08-16

A role group is a built-in universal security group with administrative rights. These administrative rights are specified by the management roles that are assigned to the role group. Management roles are part of the role based access control (RBAC) permissions model. A management role defines what someone has access to and what tasks they can perform. Each management role provides the permissions to perform specific administrative tasks, such as creating new mailboxes, resetting passwords, or searching mailboxes.

Like public groups, also known as distribution groups, role groups have members. The administrative rights associated with the role group are given to members of the role group. Therefore, all the members of a role group can perform the same set of administrative tasks allowed by the management roles assigned to the role group.

For example, suppose you hire a new employee for your help desk staff. You add the new employee to the Help Desk role group. This enables help desk personnel to manage users' mailbox options. To prevent users from performing the administrative tasks allowed by a role group, remove them as members of the role group.

To further control the administrative capabilities you give to users, you can also add or remove the roles assigned to a role group, create new role groups, copy existing role groups, or delete existing role groups.

Use the Administrator Roles tab to manage administrator role groups.

New: Create a new role group.

Details: To view more information about a role group, select it from the list. Detailed information appears in the details pane. To modify a role group, select it from the list and click Details.

Delete: Click to delete an existing role group.

Copy: Create a new role group by using an existing role group as a starting point. The roles and scope in the existing role group are copied, but the role group members aren't copied.

Refresh: Click to refresh the list of role groups.

Search role groups: If you don't see the role group you're looking for, type a role group name or part of a name and click Search Search.

Detailed information about a specific role group

The details pane shows more information about the selected role group.

Assigned Roles: List of the RBAC roles assigned to the selected role group.

Members: List of the members of the role group. The members can be users, security groups, or other role groups.

Write scope: The write scope of the roles assigned to the role group. The write scope defines the administrative boundary of the roles assigned to the role group. In other words, the write scope defines where members of the role group can make changes.