Since Microsoft launched Office 365, granular administrative roles have been a request from most of its clients.
Let's assume that I have an E3 plan and an outsourced company developing my intranet on SharePoint Online. The only way to give them permission to do that is to provide them Global administrator permission, which is impossible.
Now Microsoft has fixed this issue by providing new administrative roles (Exchange administrator, SharePoint administrator, Skype for Business administrator).
Enter granular administrative roles to provide Office 365 tenants with a method of assigning control over different parts of Office 365 to specific users. Tenant administrators remain all-powerful, but now they have a chance to share their power with others.
The source of authority for granular management roles lies in groups held in Azure Active Directory (AAD). You can’t see these groups through the AAD console and have to work with them using the Office 365 Admin console or PowerShell. You can see the available roles by running the Get-MsOlRole cmdlet. This command lists the available roles – the ObjectId property is important because you will use it to interact with roles in other places.
To assign a user account one of these roles, go to the Office 365 Admin Center, select the account in the Users section, and edit it. Go to Roles and select “Limited admin access” as shown in the screenshot below.
You can assign multiple roles to one user.
You can also use PowerShell to add user accounts to administrative roles. For instance, here’s how to add a new Exchange Online administrator:
Add-MsolRoleMember -RoleName 'Exchange Service Administrator' -RoleMemberEmailAddress 'John.email@example.com'
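For the outsourced SharePoint scenario above, the following added example (not from the original post) assigns the scoped role instead of Global administrator and then audits role membership through each role's ObjectId. It assumes the MSOnline module, a placeholder vendor account, and the role names 'SharePoint Service Administrator' and 'Company Administrator' as listed by Get-MsolRole in your tenant.

```powershell
# Added example; requires the MSOnline module and a tenant administrator sign-in.
Import-Module MSOnline
Connect-MsolService   # prompts for credentials

# Placeholder account for the outsourced SharePoint developer (constructed value).
$vendorUpn = 'vendor.dev@contoso.example'

# Look up the scoped role and keep its ObjectId for the membership calls.
# The role name is an assumption; confirm it against your Get-MsolRole output.
$spRole = Get-MsolRole -RoleName 'SharePoint Service Administrator'
if (-not $spRole) { throw 'Role not found in this tenant.' }

# Assign the role only if the account is not already a member.
$members = Get-MsolRoleMember -RoleObjectId $spRole.ObjectId
if ($members.EmailAddress -notcontains $vendorUpn) {
    Add-MsolRoleMember -RoleName $spRole.Name -RoleMemberEmailAddress $vendorUpn
}

# Audit: list every role that has members, and who holds it.
$report = foreach ($role in Get-MsolRole) {
    foreach ($m in Get-MsolRoleMember -RoleObjectId $role.ObjectId) {
        [pscustomobject]@{
            Role   = $role.Name
            Member = $m.EmailAddress
            Type   = $m.RoleMemberType
        }
    }
}
$report | Sort-Object Role, Member | Format-Table -AutoSize

# Least-privilege check: the vendor must not also be a Global administrator
# ('Company Administrator' is the name the module uses for that role).
$global = $report | Where-Object {
    $_.Role -eq 'Company Administrator' -and $_.Member -eq $vendorUpn
}
if ($global) { Write-Warning "$vendorUpn still holds Global administrator rights." }
```

Re-running the audit section on a schedule gives a simple record of who holds which administrative role over time.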
After you assign the user the granular permission, allow a couple of minutes; the user should then be able to log on and see the administrative interfaces as below: