Hi Everyone,
Good day. I would like to seek for your thoughts regarding security roles and privileges. So I have a requirement to create a new custom role to act as "System Administrator", with the ability limited only to 1) Assign users with security roles and 2) Enable the users mailboxes. I did copy the original system administrator role and removed most of the privileges. What's left are the minimum privileges mentioned in this post, plus the privileges to accomplish the goals without any delete (see below). 
Upon testing this custom role, I encounter 2 issues. First is I can add roles to the user but when I try to remove the assigned role, it throws exception and says insufficient permission. Secondly, I could not open the mailbox records and when I try to approve the primary email from the mailbox list view, I also receive insufficient permission. When I download and open the error logs, the error code -2147220970 is which is just "An unexpected error occurred." as defined in SDK.
Seems I am missing some more privileges, but I can't identify which ones. Any thoughts?
Thank you.
*This post is locked for comments
I have the same question (0)
