I tried to create a custom RBAC role for setting the “Full Mailbox” and “Send As” permissions by going through a few blogs and TechNet discussions. I implemented it in my lab and it was successful. I tried hard for Delegate, and there is no option to assign the permission to any of the security group members for setting delegates. Delegate is an option which can be set only through Outlook.
Below are the steps to create a custom RBAC role for Full Mailbox and Send As; they might be useful to anyone whose environment they suit.
Through a custom RBAC role we can give the members of a security group permission to set the “Full Mailbox” and “SendAs” access rights on user mailboxes and shared mailboxes.
In order to test this in lab I first created a distribution group named Exchange Mailbox Folder.
We can use the command below to list the entries of the default management role:
Get-ManagementRoleEntry "Mail Recipients\*"
This lists the entries of the “Mail Recipients” role. We cannot modify the default role “Mail Recipients”, so we have to create a new custom role.
We can remove all the unwanted cmdlets from the custom role, so that only the cmdlets listed below remain, and then assign that role to the security group we created.
1) Add-MailboxPermission
2) Add-MailboxFolderPermission
First we need to create a new management role with the command below:
New-ManagementRole "Custom AddMailbox Permission" -Parent "Mail Recipients"
Now we need to view the list of management role entries assigned to the custom role. The custom role starts with every entry of its parent role, and we do not need all of them.
Get-ManagementRoleEntry "Custom AddMailbox Permission\*"
Now we can remove all of the role entries which we do not require and keep only Add-MailboxPermission and Add-MailboxFolderPermission by running the command below.
Get-ManagementRoleEntry "Custom AddMailbox Permission\*" | where {($_.Name -ne "Add-MailboxPermission") -and ($_.Name -ne "Add-MailboxFolderPermission")} | Remove-ManagementRoleEntry
We then have to assign the permissions to the security group through management role assignments.
For Full Mailbox, run the command below:
New-ManagementRoleAssignment "add mailbox permissions" -Role "Custom AddMailbox Permission" -SecurityGroup "Exchange MailboxFolder"
For Send As permissions, run the command below; the assignment name must differ from the first one:
New-ManagementRoleAssignment "add sendas permissions" -Role "Active Directory Permissions" -SecurityGroup "Exchange MailboxFolder"
I was able to successfully assign the permission to the “Exchange MailboxFolder” security group members for setting the “Full Mailbox” and “SendAs” access rights on the user mailboxes.
Thanks
Sathish Veerapandian – MVP
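A check to run in the Exchange Management Shell after the steps above, added here as an example and not part of the original post: it confirms the custom role exposes only the two intended cmdlets, then lists what the group holds and which accounts inherit it. The function name Test-RoleEntryAllowList and the variable names are hypothetical; the role and group names are the ones used in the post.

```powershell
# Added verification example, not the author's code. Requires the Exchange Management Shell.
# Role and group names come from the post; Test-RoleEntryAllowList is a hypothetical helper.
$customRole = 'Custom AddMailbox Permission'
$group      = 'Exchange MailboxFolder'
$allowed    = 'Add-MailboxPermission', 'Add-MailboxFolderPermission'

function Test-RoleEntryAllowList {
    param([string]$Role, [string[]]$Allowed)
    # Names of every cmdlet the role still exposes
    $present = @(Get-ManagementRoleEntry "$Role\*" | ForEach-Object { $_.Name })
    New-Object PSObject -Property @{
        Role       = $Role
        Unexpected = @($present | Where-Object { $Allowed -notcontains $_ })
        Missing    = @($Allowed | Where-Object { $present -notcontains $_ })
    }
}

$result = Test-RoleEntryAllowList -Role $customRole -Allowed $allowed
if ($result.Unexpected.Count -or $result.Missing.Count) {
    # Pruning was incomplete, or an expected cmdlet was removed by mistake
    Write-Warning ("{0}: unexpected [{1}], missing [{2}]" -f $result.Role,
        ($result.Unexpected -join ', '), ($result.Missing -join ', '))
} else {
    Write-Host "$customRole exposes only the expected cmdlets."
}

# Every role the group holds, with the write scope each assignment carries
Get-ManagementRoleAssignment -RoleAssignee $group |
    Format-Table Name, Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# The built-in role was assigned unpruned: list every cmdlet it hands to the group
Get-ManagementRoleEntry 'Active Directory Permissions\*' |
    Format-Table Name, Role -AutoSize

# The individual accounts that receive these rights through group membership
foreach ($role in $customRole, 'Active Directory Permissions') {
    Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
        Where-Object { $_.RoleAssigneeName -eq $group } |
        Format-Table Role, RoleAssigneeName, EffectiveUserName -AutoSize
}
```

An empty Unexpected list means the pruning step left nothing beyond the two Add- cmdlets; the scope columns show whether the group can act on every recipient in the organization.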
Excellent post. Also include the Get cmdlets for AD and mailbox permissions so that the group members can also view who has permissions when required and also verify permissions after assignment.
Thanks Ravi. Will update very soon
This shouldn’t work for SENDAS, as it would require Remove-ADPermission, Get-ADPermission and Add-ADPermission.
Hi Mailli,
Thanks for identifying. I have updated the post with the command
New-ManagementRoleAssignment "add sendas permissions" -Role "Active Directory Permissions" -SecurityGroup "Exchange MailboxFolder"