Often my clients contact me and ask to give another user access to their calendar, while this is an easy task for most people some users are either just too lazy to figure it out or just too scared to be messing with settings.
Instead of logging into the clients computer and adjusting the permissions from their outlook client it is much easier to just administer this from the Exchange Server shell.
Permissions can easily be administered using the *-MailboxFolderPermission cmdlets. These cmdlets allow you to view, set and add permissions.
While you can use these cmdlets for any folder in the user’s mailbox the main focus will be on calendar permissions as this is the most common folder to share between users.
- Get-MailboxFolderPermission Use the Get-MailboxFolderPermission cmdlet to view folder-level permissions in mailboxes.
- Add-MailboxFolderPermission Use the Add-MailboxFolderPermission cmdlet to add folder-level permissions for users in mailboxes.
- Set-MailboxFolderPermission Use the Set-MailboxFolderPermission cmdlet to modify folder-level permissions for users in mailboxes.
- Remove-MailboxFolderPermission Use the Remove-MailboxFolderPermission cmdlet to remove folder-level permissions for users in mailboxes.
To view the access rights on a users calendar run the following command.
Get-MailboxFolderPermission –Identity user@domain.com:\Calendar
To Add access rights for a specific user on another users Calendar run the following command.
Add-MailboxFolderPermission –Identity user@domain.com:\Calendar –User “target user alias” –AccessRights Owner
To set access rights for a specific user on another users Calendar run the following command.
Set-MailboxFolderPermission –Identity user@domain.com:\Calendar –User “target user alias” –AccessRights Owner
To remove access rights for a specific user on another users Calendar run the following command.
Remove-MailboxFolderPermission –Identity user@domain.com:\Calendar –User “target user alias” –AccessRights Owner
- ReadItems The user has the right to read items within the specified folder.
- CreateItems The user has the right to create items within the specified folder.
- EditOwnedItems The user has the right to edit the items that the user owns in the specified folder.
- DeleteOwnedItems The user has the right to delete items that the user owns in the specified folder.
- EditAllItems The user has the right to edit all items in the specified folder.
- DeleteAllItems The user has the right to delete all items in the specified folder.
- CreateSubfolders The user has the right to create subfolders in the specified folder.
- FolderOwner The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
- FolderContact The user is the contact for the specified public folder.
- FolderVisible The user can view the specified folder, but can’t read or edit items within the specified public folder.
The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously:
- None FolderVisible
- Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
- Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
- NonEditingAuthor CreateItems, ReadItems, FolderVisible
- Reviewer ReadItems, FolderVisible
- Contributor CreateItems, FolderVisible
The following roles apply specifically to calendar folders:
- AvailabilityOnly View only availability data
- LimitedDetails View availability data with subject and location
