A judicious use of permissions can go a long way in improving overall data security.
Exchange provides its users with Role Based Access Control (RBAC) permissions. This model of permissions is based on predefined permissions. You can grant users these permission rights when you assign them their roles and thus kick start operations in MS Exchange. Assigning permissions to users through defined roles makes operations a lot easier; these roles come with predefined set of permissions, which cannot be surpassed in any given situation. When users are assigned a role, they also know what is the scope of that role is which essentially means what all permissions are attached to that role. While making use of permissions in Exchange 2013, there are a few key things you should be aware of that we have listed below for your perusal.
Role Based Permissions
As stated already, users are given certain permissions after they are assigned their roles. Exchange allows for providing users with different types of Management Roles. Depending on what role one gets, their set of permissions are determined. Different types of roles available in Exchange are:
Administrative Roles: They contain permissions which are usually assigned to specialized users or administrators who make use of role groups which help in managing the organization. For example- recipients, databases or servers.
End-user Roles: These are assigned through role assignment policies they begin using a prefix ‘My’. They allow users to manage aspects of their mailbox and distribution groups owned by them.
To be able to grant permissions, you first need to grant roles, here is an easy way to grant user and administrator roles on Exchange 2013.
Role Groups: These can help you with granting permissions to specialized users and administrators. Working with role groups becomes easier if you make use of Exchange Administrative Center (EAC). This makes adding and removing members a lot easier, you can also use this feature to add and copy role groups.
Role Assignment Policies: These can help you with granting permissions to end-users and enable them to make changes in their mailboxes and distribution groups owned by them. With Role Assignment Policies also, it is suggested to make use of EAC, to make assigning roles easier.
Impact on Security
Permissions in Exchange, like many of its other features is designed to make the handling of mailbox server a lot easier and interesting. By using permissions, you can not only explicitly state roles and permissions, but also ensure safety and security of Exchange databases. When all users are clear about their roles, responsibilities and scope, there are lesser chances of any violation. However, by making use of permissions in Exchange 2013, you cannot guarantee the safety of your Exchange databases, there is a possibility that someone from within organization might be able to gain access to administrator account and thus make use of confidential data. Therefore along with using permissions you will also have to make use of other available security features to protect your accounts. Any carelessness here can leads to incidents of security breach and data corruption and you would have to perform ost recovery to get back your data.
Allocating roles to users and administrators has worked well for multiple organizations. They are not only able to work in a more organized way, but also ensure that the right person is held accountable for any misdoings.
Van Sutton is a data recovery expert in DataNumen, Inc., which is the world leader in data recovery technologies, including outlook recovery and bkf recovery software products. For more information visit www.datanumen.com