Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
SRG-APP-000340
Role-Based Access Control must be defined for privileged and nonprivileged users.
Role-Based Access Control must be defined for privileged and nonprivileged users.
An XCCDF Rule
Details
Profiles
Prose
Role-Based Access Control must be defined for privileged and nonprivileged users.
Medium Severity
<VulnDiscussion>Role Based Access Control (RBAC) is the permissions model used in Microsoft Exchange Server 2013, 2016, and 2019. With RBAC, there is no need to modify and manage access control lists (ACLs), which was done in Exchange Server 2007. ACLs created several challenges in Exchange 2007, such as modifying ACLs without causing unintended consequences, maintaining ACL modifications through upgrades, and troubleshooting problems that occurred due to using ACLs in a nonstandard way. RBAC enables users to control, at both broad and granular levels, what administrators and end-users can do. RBAC also enables users to more closely align the roles assigned to users and administrators to the actual roles they hold within the organization. In Exchange 2007, the server permissions model applied only to the administrators who managed the Exchange 2007 infrastructure. Starting with Exchange 2013, RBAC now controls both the administrative tasks that can be performed and the extent to which users can now administer their own mailbox and distribution groups.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>