In my previous article, we spoke about managing mailbox permissions. Basically there were three types of permissions available to us, which were Send As, Full Access and Read Permission.
Today, we will be digging a little more deeper. Exchange Server 2010 provides a more granular access to the folders that are present within the mailbox. Therefore, we are going to see how to manage Folder permissions on a mailbox today.
There are various access rights that can be provided in Exchange Server 2010. I have listed them below along with the functionality that they are associated with.
- ReadItems: The user has the right to read items within the specified folder.
- CreateItems: The user has the right to create items within the specified folder.
- EditOwnedItems: The user has the right to edit the items that the user owns in the specified folder.
- DeleteOwnedItems: The user has the right to delete items that the user owns in the specified folder.
- EditAllItems: The user has the right to edit all items in the specified folder.
- DeleteAllItems: The user has the right to delete all items in the specified folder.
- CreateSubfolders: The user has the right to create subfolders in the specified folder.
- FolderOwner: The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
- FolderContact: The user is the contact for the specified public folder.
- FolderVisible: The user can view the specified folder, but can’t read or edit items within the specified public folder.
You can see that they are very self explanatory as to what permissions that the access rights come with.
But the way that you will provide permissions to folders to other users is in the form of roles. Roles are nothing but the combination of above access rights predefined.
The Roles that are at your disposal in Exchange Server 2010 are:
- None: FolderVisible
- Owner: CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingEditor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingAuthor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
- Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
- NonEditingAuthor: CreateItems, ReadItems, FolderVisible
- Reviewer: ReadItems, FolderVisible
- Contributor: CreateItems, FolderVisible
Now that we are completely aware of the access rights and the associated roles with them, let us jump into the demonstration part of it.
And by the way, there is no way that you can do see this Exchange Management Console, this stuff has to be done only from the Shell! And trust me its very cool and easy.
If you have been following along with my other articles, then you know how easy the Powershell cmdlets are in Exchange. We are dealing Folder Permissions on Mailbox, so what could be the cmdlet o perform this step.
Well, you are right! It is Add-MailboxFolderPermission.
Let us say that we need to provide owner Permission to Annie Gers on Carol Reeves's Inbox. And also Reviewer permission to David Gower on Chris Pinn's Outbox.
That was so simple! Now let us Get-MailboxFolderPermission to see if the access has indeed been provided.
If suppose you wish to remove any permissions for any of the folders, then you can make use of Remove-MailboxFolderPermission cmdlet.
I hope this was informative and thank you for reading!