You could follow the steps below to create a permission group for managing mail users and mail contacts. For more detailed information, you could have a look at this article:
```powershell
# Create two custom roles as children of the built-in recipient roles.
New-ManagementRole -Name "Contact1" -Parent "Mail Recipient Creation"
New-ManagementRole -Name "Contact2" -Parent "Mail Recipients"
# Remove every role entry whose cmdlet name does not contain MailContact or MailUser.
Get-ManagementRoleEntry -Identity "Contact1\*" | where{$_.Name -notlike "*MailContact*" -and $_.Name -notlike "*mailUser*"} | foreach {Remove-ManagementRoleEntry -Identity "$($_.id)\$($_.name)" -Confirm:$false}
Get-ManagementRoleEntry -Identity "Contact2\*" | where{$_.Name -notlike "*MailContact*" -and $_.Name -notlike "*mailUser*"} | foreach {Remove-ManagementRoleEntry -Identity "$($_.id)\$($_.name)" -Confirm:$false}
# Create the role group with both trimmed roles and add the member.
New-RoleGroup "MailboxManagement" -Roles "Contact1","Contact2" -Members Onlineuser1@domain.onmicrosoft.com
```
After that, those users need to manage contacts from PowerShell; there may be some issues in the GUI due to the migration from the old one to the new one.
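To confirm that Contact1 and Contact2 stay limited to mail contact and mail user cmdlets after the trimming step, the remaining role entries can be checked against the same wildcard patterns. This is an added example, not part of the original answer; the function name `Find-OutOfScopeRoleEntry` and the sample entries are constructed for illustration.

```powershell
# Added example: flags role entries that fall outside the MailContact/MailUser allowlist.
# Find-OutOfScopeRoleEntry is a hypothetical helper name, not an Exchange cmdlet.
function Find-OutOfScopeRoleEntry {
    [CmdletBinding()]
    param(
        # Objects with Role and Name properties, as returned by Get-ManagementRoleEntry.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry,

        # The same wildcard patterns the roles were trimmed with.
        [string[]]$AllowedPattern = @('*MailContact*', '*MailUser*')
    )
    process {
        $allowed = $false
        foreach ($pattern in $AllowedPattern) {
            # -like is case-insensitive, matching the behaviour of -notlike in the trimming step.
            if ($Entry.Name -like $pattern) { $allowed = $true; break }
        }
        if (-not $allowed) {
            [pscustomobject]@{ Role = $Entry.Role; Cmdlet = $Entry.Name }
        }
    }
}

# Constructed sample data standing in for Get-ManagementRoleEntry output.
$sample = @(
    [pscustomobject]@{ Role = 'Contact1'; Name = 'New-MailContact' }
    [pscustomobject]@{ Role = 'Contact1'; Name = 'New-MailUser' }
    [pscustomobject]@{ Role = 'Contact2'; Name = 'Set-MailContact' }
    [pscustomobject]@{ Role = 'Contact2'; Name = 'Set-Mailbox' }  # constructed drift entry
)

$violations = @($sample | Find-OutOfScopeRoleEntry)
if ($violations.Count -gt 0) {
    $violations | Format-Table -AutoSize
    Write-Warning "$($violations.Count) role entries exceed the intended scope."
} else {
    Write-Output 'All role entries match the MailContact/MailUser allowlist.'
}

# Against a live Exchange Online session, feed the real entries instead:
#   'Contact1', 'Contact2' |
#       ForEach-Object { Get-ManagementRoleEntry -Identity "$_\*" } |
#       Find-OutOfScopeRoleEntry
```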