Sometimes we might need to delegate access for searching items against certain mailboxes but it should not be done against all the mailboxes in the organization. To achieve this we can create a custom RBAC policy for the same with minimal scope. This can be created using ECP or EMS.
Here we are going to create using ECP.
- Open ECP
- Select Manage My Organizationà Roles & Auditing à Discovery Management à Copy
- Give your custom name
- Specify the Scope of search
- Add the users who wants to perform searchà Save
- Make sure that Discovery mailbox is also in the same Organization Unit of Search Scope else user will be getting below error while they are performing search action
That’s it, now kottees will be able to search the items against all the mailboxes which are in Standard OU, you can move users into this OU later if they want to be part of mailbox search.
When kottees tries to search across all the mailboxes, it will only fetch the details from the given scope, for other mailboxes it will throw an error like this.
“Unable to search mailbox ‘CN=Administrator,CN=Users,DC=MyDomain,DC=com’ because the current user does not have permission to access the mailbox., Unable to search mailbox CN=SearchResults,CN=Users,DC=MyDomain,DC=com’ because the current user does not have permission to access the mailbox”
I hope you would have enjoyed reading this.