Sets of rights assigned to users or groups to control access to directory objects in the organization of Microsoft Exchange Server. These rights are grouped into common roles, which are then assigned to users and groups.
Exchange permissions can be assigned to any object in the Exchange directory hierarchy and are inherited by other objects below that object, provided they are in the same context.
The following table shows the individual rights that can be granted to users and groups to control access to directory objects. Note that not all of these rights are available for any given directory object.
If you don’t see the Permissions property page for an Exchange directory object, use Options from the Tools menu of the Exchange Administrator program to make it visible. (The screen capture illustrates the property sheet for the Toronto site in an Exchange organization.)
Graphic E-9. Exchange permissions.
| Right | Type of Permission Granted |
| Add Child | Create objects within a container. |
| Modify User Attributes | Modify user-level attributes of an object. |
| Modify Admin Attributes | Modify administrator-level attributes of an object. |
| Modify Permissions | Modify the permissions on the existing object. |
| Delete | Delete the object. |
| Logon | Access the directory database (needed by Exchange service account). |
| Replication | Replicate directory information with other servers (needed by Exchange service account). |
| Mailbox Owner | Read and delete messages in the mailbox. |
| Search | View the contents of the container. |
| Send As | Send a message using the sender’s return address. |