Originally Posted by freakinvibe
The Blackberry Enterprise Administrator (the BES app role) has absolutely no rights on Exchanange and AD. So a Blackberry Enterprise Administrator (the BES app role) cannot look at anybody's e-mail.
The BES roles allow users to do things within the BES Admin Web Interface, but nothing outside.
To be honest now I'm a bit lost:
This role can perform all tasks relating to BlackBerry smartphone users, services, servers, and global application data. A BlackBerry Enterprise Administrator can also control services within the BlackBerry Enterprise Server, and can view and edit licenses and encryption keys.
So I can assign a blackberry user an arbitrary mailbox (the one his/hers blackberry is connecting to on the exchange site)?
Eg. If you are on my exchange server and person X asks for authorization to connect to YOUR mailbox, I would be able to give this to him or am I not? What would stop me from doing that? There is no separate authentication happening from user's end to access to mailbox apart from accessing the BB itself. I do not authenticate separately against exchange as a user. Correct?
(Thanks by the way for answering and clarifying all this!)