Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. A RBAC role assignee can unexpectedly change mailbox properties that are outside the management role group scope in an Exchange Server 2010 environment

A RBAC role assignee can unexpectedly change mailbox properties that are outside the management role group scope in an Exchange Server 2010 environment

Symptoms

Consider the following scenario:  
  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.
  • You assign the Mail Recipients role to a role assignee.
  • You define the scope of the role assignment to an organizational unit.
  • The role assignee tries to change mailbox properties that are outside the management role group scope by using the Set-CalendarProcessing cmdlet.
In this scenario, the role assignee can unexpectedly change the mailbox properties successfully. 

↑ Back to the top

Cause

This issue occurs because there is no Role Based Access Control (RBAC) scope verification when Exchange Server 2010 run the Set-CalendarProcessing cmdlet.

↑ Back to the top

Resolution

To resolve this issue, install the following update rollup:
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about Role Based Access Control, visit the following Microsoft website:
General information about Role Based Access Control
For more information about management role assignments, visit the following Microsoft website:
General information about management role assignments
For more information about the Set-CalendarProcessing cmdlet, visit the following Microsoft website:
General information about the Set-CalendarProcessing cmdlet
For more information about the Mail Recipients role, visit the following Microsoft website:
General information about the Mail Recipients role

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kbhotfixrollup, kb

↑ Back to the top

Article Info
Article ID : 2489130
Revision : 2
Created on : 9/26/2018
Published on : 9/26/2018
Exists online : False
Views : 273