Role-Based Access Control in Microsoft Exchange 2010

Whether your company is a budding startup or a veteran in its industry, the term ‘lawsuit’ can be quite daunting. Those with experience will tell you that in the face of litigation, ignorance is anything but bliss, especially when digital files are nowhere to be found.

In the stages prior to a lawsuit being filed, the onus falls on you to ensure that all of your data, files, emails and records are readily available upon request. Essentially, certain business processes must be in place to find everything that’s needed so your company is prepared for court.

With privacy issues in the spotlight these days, the expressed concerns of employees at both ends of the spectrum are understandable. How secure is electronic discovery (or e-discovery)? Is it intrusive? Do multiple individuals or whole departments have access to my personal information? All are viable concerns.

RBAC to the Rescue

Enter Role-Based Access Control (RBAC) – the new model for permissions in Microsoft Exchange 2010. RBAC allows systems administrators to assign and limit permissions for given role groups throughout an organization. The sheer functionality and feasibility of use is quite an upgrade from the earlier version (Exchange 2007), wherein only administrators could be assigned permissions.

Let’s put this in terms of e-discovery software. What if, for instance, you were involved in a suit that mandated the retrieval of a certain employee’s email records? There are few privacy issues more personal in nature, so, obviously, you want to handle the matter delicately. Essentially, you want the smallest possible subset of your organization to physically lay eyes on these records. It makes sense, right?

The problem is that the few employees you’ve chosen to handle the documents (say, in the HR Department) aren’t as accustomed to managing electronic discovery as the Tech Department (or, better yet, IT pros like Terminal!) might be. Furthermore, you want the techies to always handle the discovery. With IT-related issues like these, the process just runs more smoothly that way.

The conundrum presents itself: one retrieval request, two departments, and separate tasks for each department. In older versions of Exchange, this would have been difficult to tackle. However, with RBAC, you’re able to assign search permissions to the IT Department, and visibility permissions to the HR Department, allowing both limited access to the records. The Tech Department executes the search, but has no visibility of the records. The HR Department receives the results, but has no access to the search function. Pretty cool, huh?
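One way to set up the split described above in the Exchange Management Shell, as an added example that is not from the original article. It assumes the built-in Mailbox Search role and a dedicated discovery mailbox; every group, user, mailbox and search name below is a hypothetical placeholder.

```powershell
# Added example for Exchange 2010. All names, accounts and the UPN are hypothetical.
$searchGroup = "Litigation Searchers"      # role group for the IT staff who run searches
$reviewGroup = "HR-Discovery-Reviewers"    # existing security group for the HR reviewers
$resultsMbx  = "HR Discovery Results"      # discovery mailbox that receives search results

# 1. IT: permission to create and run discovery searches, via the built-in
#    "Mailbox Search" management role. Nothing here grants access to any mailbox content.
New-RoleGroup -Name $searchGroup -Roles "Mailbox Search" `
    -Members "it.analyst1", "it.analyst2"

# 2. A dedicated discovery mailbox, so results do not land in the default one
#    that the built-in Discovery Management role group can already open.
New-Mailbox -Name $resultsMbx -Discovery `
    -UserPrincipalName "hr-discovery@example.com"

# 3. HR: permission to open the results mailbox only. HR holds no search role,
#    so its members cannot create or run searches.
Add-MailboxPermission -Identity $resultsMbx -User $reviewGroup `
    -AccessRights FullAccess -InheritanceType All

# 4. An IT analyst runs the search; matching items are copied into the results
#    mailbox, which the analyst has no permission to open.
New-MailboxSearch -Name "Case-0001" -SourceMailboxes "employee.name" `
    -TargetMailbox $resultsMbx -StartDate "01/01/2010" -EndDate "12/31/2010"

# 5. Verify the separation. The two lists should not share any account.
#    Who can effectively run searches:
Get-ManagementRoleAssignment -Role "Mailbox Search" -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName

#    Who has explicitly granted rights on the results mailbox:
Get-MailboxPermission -Identity $resultsMbx |
    Where-Object { -not $_.IsInherited } |
    Select-Object User, AccessRights
```

Re-running the two queries in step 5 after any group membership change is a quick check that no single account has ended up with both the search role and access to the results.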

Role-based access control in Microsoft Exchange 2010 has changed the way companies manage email permissions. In the case of email discovery, its functionality has paved the way for a higher degree of control and more secure retrievals. I think it’s safe to say that we can all get behind that.