A user asked me how to grant other users permission to access some of his mailbox folders, with read-only permissions on certain folders.

Let’s suppose “testuser1” wants to allow “testuser2” to access some folders.

Permission configuration (Outlook)

First of all, “testuser2” must have “Reviewer” (read-only) permissions on the mailbox root:

Exchange – Mailbox folders permissions to other users 1
Exchange – Mailbox folders permissions to other users 2

Then, configure the permission on each folder we want.
“Editor” (read, write ~) on the Inbox folder:

Exchange – Mailbox folders permissions to other users 3

“Reviewer” (read-only) on newly created “Inbox-ReadOnly” folder:

Exchange – Mailbox folders permissions to other users 4

Profile configuration

After applying this configuration, how should “testuser2” access those folders?
“testuser2” cannot configure that mailbox as a standalone mailbox. In order to access the folders, that mailbox should be configured as an additional one:

Exchange – Mailbox folders permissions to other users 5

In the folders panel, “testuser2” can ONLY view those folders in which the permissions have been configured:

Exchange – Mailbox folders permissions to other users 6

And for the “Inbox-ReadOnly” folder, when trying to delete or modify something, this error is shown:

Exchange – Mailbox folders permissions to other users 7

PowerShell commands (instead of Outlook)

Using Outlook, the mailbox owner can grant the permissions.
But the sysadmin can also grant them for any mailbox by running the “Add-MailboxFolderPermission” PowerShell command.

Add-MailboxFolderPermission -Identity <MAILBOX:\FOLDER> -User "USER or GROUP" -AccessRights <PERMISSION>

These are the equivalent commands for the previously granted permissions:

[PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\ -User "testuser2" -AccessRights Reviewer
[PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\Inbox -User "testuser2" -AccessRights Editor
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox-ReadOnly" -User "testuser2" -AccessRights Reviewer

If a folder is created inside another one (for example, if “Folder2” was created under “Inbox”), the syntax would be:

[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "testuser2" -AccessRights Reviewer
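
The grants above as a repeatable script, added here as an example (it is not part of the original post). Add-MailboxFolderPermission returns an error when the user already has an entry on the folder, so the script checks with Get-MailboxFolderPermission first and switches to Set-MailboxFolderPermission when an existing entry has to be changed. It assumes the Exchange Management Shell; “Grant-FolderAccess” is a hypothetical helper name, and the mailbox, folder and user names are the ones used above.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Grant-FolderAccess is a hypothetical helper; names below are the post's test accounts.
function Grant-FolderAccess {
    param(
        [Parameter(Mandatory)][string]$Identity,      # "MAILBOX:\FOLDER", e.g. "testuser1:\Inbox"
        [Parameter(Mandatory)][string]$User,          # user or group receiving access
        [Parameter(Mandatory)][string]$AccessRights   # role name, e.g. Reviewer or Editor
    )

    # Look for an existing entry: Add-MailboxFolderPermission fails if one is present.
    $existing = Get-MailboxFolderPermission -Identity $Identity -User $User `
                    -ErrorAction SilentlyContinue

    if (-not $existing) {
        # No entry yet: create it.
        Add-MailboxFolderPermission -Identity $Identity -User $User `
            -AccessRights $AccessRights | Out-Null
    }
    elseif (($existing.AccessRights -join ',') -ne $AccessRights) {
        # Entry exists with different rights: replace them instead of adding.
        Set-MailboxFolderPermission -Identity $Identity -User $User `
            -AccessRights $AccessRights | Out-Null
    }

    # Return what is actually stored on the folder so the result can be reviewed.
    Get-MailboxFolderPermission -Identity $Identity -User $User
}

# The same grants as in the post: read-only on the root, Editor on Inbox,
# read-only on the two subfolders.
$grants = @(
    @{ Identity = 'testuser1:\';                AccessRights = 'Reviewer' },
    @{ Identity = 'testuser1:\Inbox';           AccessRights = 'Editor'   },
    @{ Identity = 'testuser1:\Inbox-ReadOnly';  AccessRights = 'Reviewer' },
    @{ Identity = 'testuser1:\Inbox\Folder2';   AccessRights = 'Reviewer' }
)

$grants | ForEach-Object {
    Grant-FolderAccess -Identity $_.Identity -User 'testuser2' -AccessRights $_.AccessRights
} | Format-Table FolderName, User, AccessRights -AutoSize
```

The final table is worth keeping with the change record: it shows, per folder, the rights “testuser2” really holds after the run, which makes a later permission review easier.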

Granting permissions to groups

Sometimes it’s a pain finding the groups using Outlook. It’s easier using PowerShell. For a distribution group, I usually use the email address:

[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "mydistributiongroup@domain.com" -AccessRights Reviewer