RBAC Demo Code

This is the code I use in class to demo creating custom RBAC objects.

New-ManagementScope  -name "VIP Users" –RecipientRestrictionFilter {memberofgroup –eq “cn=VIPs,OU=VIP,DC=bret-  tech,DC=com}
New-ManagementRole –name "VIP Editor" –Parent "Mail Recipients"
Get-ManagementRoleEntry "VIP Editor\*" | `
     Where-Object {$_.name –ne "Get-User"} | Remove-ManagmentRoleEntry
Add-ManagementRoleEntry "VIP Edotor\Set-User" `
   –Parameters Office, Phone, Department, Manager
New-RoleGroup "VIP Editors" –Roles "VIP Editor" `
     –CustomRecipientWriteScope "VIP Users"

