Exchange Security Risk Auditor (ESRA) allows the monitoring and controlling of permissions in an Exchange system. Three permissions areas are checked by ESRA: Mailbox Access Permissions - Checks which Exchange users have access to which mailboxes. Incorrectly set mailbox Access Permissions can lead to users being able to read mail of other users. Send On Behalf Of Permissions - Shows which user can send mail on behalf of another – send on behalf of (SOBO) rights are dangerous, as messages appe