I suggest you ...

Can the ODB Admin portal be modified to allow for assigning roles and permissions to groups of administrators to allow them to perform tasks

Can the ODB Admin portal be modified to allow for assigning roles and permissions to groups of administrators to allow them to perform tasks such as:
1. Display the access rights of a mysite
2. Delegate or remove permissions to a mysite
3. Display the storage used by a mysite
4. Display the properties of a mysite
5. Display number of files in a mysite
6. Display number of files in the mysite recycle bin
7. Recover contents from a mysite recycle bin
8. Display last accessed date of a mysite
9. Display last modified date
10. Display reports
11. Display deleted mysites
12. Recover deleted mysites

50 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Keith shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Completely agree, if anything every role that exists already needs an equivalent reader role so that operational teams or those investigating configuration can see whats been set without being able to change it.
        With regards to this request, absolutely agree, far too many time MS look at the roles through a small company lense, assuming that the person or team that manages service X also manages service Y, that is just so far from reality when you look at large companies who require far more granularity. As a result we end up having to provide global admin rights, or SP rights as is the case here to a team that doesn't need that level of permissions, but has to have it via an exception in order to perform their job.
        Needs addressing asap before it becomes a massive administrative mess.....

      • Demetrios Barbalios, JPMC commented  ·   ·  Flag as inappropriate

        I second this move. Generally speaking, o365 roles need to be defined to correlate with the various support roles of a company. Level 1 support should be able to do all of the things listed above.
        Then we get into level 2 which should have this plus the ability to do minor admin functions. an example is we have a concept of a locked site which is the first stage of site deletion of the site has not been certified by the owner. If they miss the certification period, the site gets locked and is inaccessible. Then a support ticket is opened, level 1 receives it, send it to level 2 which would walk the owner through the attestation and certification and then "unlock" the site.

        Then we get into level 3 which should have full tenant access trough an elevated second managed service account.

      OneDrive: OneDrive for Business

      Feedback and Knowledge Base