Troubleshooting RBAC

(or determining RBAC Permissions)

* Get-ManagementScope – displays defined scopes, or details of a individual scope.
* Get-ManagementRole
* GetChildren – enumerate roles of immediate children
* Recurse – enumerate roles of children and the children of those roles
* Cmdlet – enumerate roles include this specific cmdlet
* CmdletParameters – enumerate roles include this specific parameter
* RoleType
* ViewOnlyRecipients, TransportQueues, MyContactInformation, MyDistributionGroups
* Get-ManagementRoleEntry – shows all the role entries in a Management role (Ex: Get-ManagementRoleentry “Recipient Policies\*”)
* Get-RoleGroup – shows all the groups or if you specify one with –ID will give you details on that group
* Get-RoleGroupMember – shows all the group’s members (ex: Get-RoleGroupMember “Organization Management”)
* Get-RoleAssignmentPolicy – Shows the role assignment policies
* Get-ManagementRoleAssignment
* Examples:
* Get-ManagementRoleAssignment –Role “Organization Configuration” –GetEffectiveUser –Delegating $False | FL Name, RoleAssigneeName, EffectiveUserName, AssignmentChain (shows the users and groups that have Org Config RBAC permissions)
* Get-ManagementRoleAssignment -WritableRecipient administrator –GetEffectiveUsers (shows the users that can make changes to administrator)

Note: As with all powershell commands you can use help cmdlet –examples to get more info (ex: help Get-ManagementRoleAssignment –Examples)

[] [] [] [] [] […]

Posted via email from johnacook’s posterous