A user asked me the way to grant permissions to other users to access to some of his mailbox folders. And for certain folder only read-only permissions.
Let’s suppose “testuser1” wants to allow accessing some folders to “testuser2”.
Permission configuration (Outlook)
First of all, “testuser2” must have “Reviewer” (read-only) permissions on the mailbox root
![Exchange – Mailbox folders permissions to other users 1](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-1.jpg)
![Exchange – Mailbox folders permissions to other users 2](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-2.jpg)
Then, configure the permission on each folder we want.
“Editor” (read,write ~) on Inbox folder:
![Exchange – Mailbox folders permissions to other users 3](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-3.jpg)
“Reviewer” (read-only) on newly created “Inbox-ReadOnly” folder:
![Exchange – Mailbox folders permissions to other users 4](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-4.jpg)
Profile configuration
After applying this configuration, how should “testuser2” access those folders?
“testuser2” cannot configure that mailbox as a standalone mailbox. In order to access the folders, that mailbox should be configured as an additional one:
![Exchange – Mailbox folders permissions to other users 5](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-5.jpg)
In the folders panel, “testuser2” can ONLY view those folders in which the permissions have been configured:
![Exchange – Mailbox folders permissions to other users 6](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-6.jpg)
And, for the “Inbox-ReadOnly”, when trying to delete or modifying something, this error is showed:
![Exchange – Mailbox folders permissions to other users 7](https://somoit.net/content/images/2017/04/Exchange-%E2%80%93-Mailbox-folders-permissions-to-other-users-7.jpg)
Powershell commands (instead of Outlook)
Using Outlook, the mailbox owner can grant the permissions.
But the sysadmin can also grant them for any mailbox by running “Add-MailboxFolderPermission” powershell command.
Add-MailboxFolderPermission -Identity <MAILBOX:\FOLDER> -User "USER or GROUP" -AccessRights <PERMISSION>
These are the equivalente commands for the previously granted permissions:
[PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\ -User "testuser2" -AccessRights Reviewer
[PS] C:\> Add-MailboxFolderPermission -Identity testuser1:\Inbox -User "testuser2" -AccessRights Editor
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox-ReadOnly" -User "testuser2" -AccessRights Reviewer
If a folder is created inside another one (for example, if “Folder2” was created under “Inbox”), the syntax would be:
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "testuser2" -AccessRights Reviewer
Granting permissions to groups
Sometimes it’s a pain finding the groups using Outlook. It’s easier using Powershell. For a distribution group, i usually use the email address:
[PS] C:\> Add-MailboxFolderPermission -Identity "testuser1:\Inbox\Folder2" -User "mydistributiongroup@domain.com" -AccessRights Reviewer