This is the code I use in class to demo creating custom RBAC objects.
New-ManagementScope -name "VIP Users" –RecipientRestrictionFilter {memberofgroup –eq “cn=VIPs,OU=VIP,DC=bret- tech,DC=com}
New-ManagementRole –name "VIP Editor" –Parent "Mail Recipients"
Get-ManagementRoleEntry "VIP Editor\*" | `
Where-Object {$_.name –ne "Get-User"} | Remove-ManagmentRoleEntry
Add-ManagementRoleEntry "VIP Edotor\Set-User" `
–Parameters Office, Phone, Department, Manager
New-RoleGroup "VIP Editors" –Roles "VIP Editor" `
–CustomRecipientWriteScope "VIP Users"