By default, the impersonation role - or ApplicationImpersonation - allows the Promodag account to access the contents of all mailboxes in the organization. If you wish to limit this right to a group of mailboxes you can do so by following the additional steps described below.
Read the Microsoft documentation to see how to create the list of users/mailboxes that can be scanned by Promodag Reports.
For example, run this command if you only want to limit the management scope to Room/Equipment Mailboxes:
New-ManagementScope -Name "PromodagMailboxScope" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
Get-RoleGroup -Identity "Promodag Reports Role Group" | fl Name, RoleAssignments
If the name of the custom role group is 'Promodag Reports Role Group', then you will obtain 'ApplicationImpersonation-Promodag Reports Role Group'.
Set-ManagementRoleAssignment -Identity "ApplicationImpersonation-Promodag Reports Role Group"-CustomRecipientWriteScope "PromodagMailboxScope"
Get-ManagementRoleAssignment -Identity "ApplicationImpersonation-Promodag Reports Role Group" | FL Name, CustomRecipientWriteScope