A user asked me the way to grant permissions to other users to access to some of his mailbox folders. And for certain folder only read-only permissions.
Let’s suppose “testuser1” wants to allow accessing some folders to “testuser2”.
Permission configuration (Outlook)
First of all, “testuser2” must have “Reviewer” (read-only) permissions on the mailbox root
Then, configure the permission on each folder we want.
“Editor” (read,write ~) on Inbox folder:
“Reviewer” (read-only) on newly created “Inbox-ReadOnly” folder:
After applying this configuration, how should “testuser2” access those folders?
“testuser2” cannot configure that mailbox as a standalone mailbox. In order to access the folders, that mailbox should be configured as an additional one:
In the folders panel, “testuser2” can ONLY view those folders in which the permissions have been configured:
And, for the “Inbox-ReadOnly”, when trying to delete or modifying something, this error is showed:
Powershell commands (instead of Outlook)
Using Outlook, the mailbox owner can grant the permissions.
But the sysadmin can also grant them for any mailbox by running “Add-MailboxFolderPermission” powershell command.
Add-MailboxFolderPermission -Identity <MAILBOX:\FOLDER> -User "USER or GROUP" -AccessRights <PERMISSION>
These are the equivalente commands for the previously granted permissions:
[PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\ -User "testuser2" -AccessRights Reviewer [PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\Inbox -User "testuser2" -AccessRights Editor [PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox-ReadOnly" -User "testuser2" -AccessRights Reviewer
If a folder is created inside another one (for example, if “Folder2” was created under “Inbox”), the syntax would be:
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "testuser2" -AccessRights Reviewer
Granting permissions to groups
Sometimes it’s a pain finding the groups using Outlook. It’s easier using Powershell. For a distribution group, i usually use the email address:
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "firstname.lastname@example.org" -AccessRights Reviewer