Solved

GroupA assigns tasks to GrpB; ALL members can see/add/edit the whole list; GrpB can edit but not delete;

Posted on 2014-11-13
7
26 Views
Last Modified: 2016-06-03
Read last paragraph for more context and ancillary information. It may not be necessary though. (Trying to respect your time)
= = = = = = = = = = = = = = = = = = = =
Tasks come into frontdesks (GrpA) for the maintenance department(GrpB). We have Office 365 Enterprise1. I want to create a shared resource I call "The Bucket". All members of both groups can add/edit tasks but GrpB can't delete anything.

I also want a unified mailbox called bucket@mydomain.com where we can funnel all inbound emailed tasks then convert those emails to tasks.

End result, everyone has one list of everything to be done and the status of the tasks, see the bucket emails. I do not want maintenance to be able to delete emails or tasks.
= = = = = = = = = = = = = = = = = = = =
I manage beach houses with the help of an awesome frontdesk squad and maintenance department that is lacking in task management skills. I also have many many hours in research and trying to have the exact end result described below. I've tried several ways but always seem to be missing one piece. I'm hoping someone here has global knowledge of shared mailboxes, public folders and exchange in general so the can tell me which is the most logical way to set this up. I love tinkering and figuring things out on my own but I can't put any more time in this. I'm getting behind in my job-job. I know just enough about this stuff to really sound dumb.
0
Comment
Question by:commfirst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 41

Expert Comment

by:Vasil Michev (MVP)
ID: 40440582
You can get pretty granular with folder permissions, but dont forget that editing tasks can have pretty much the same result as deleting it. Plus, there is the "delete/edit own" scenario, you should decide on that one as well.

I would consider something like granting the Author level permissions on the tasks folder for GrpB, or simply granting a custom set of permissions. You can review the available options here: http://technet.microsoft.com/en-us/library/ff522363(v=exchg.150).aspx

It's not necessary to adjust them with PowerShell, you can just right-click on a folder in Outlook or OWA and do so.
0
 

Author Comment

by:commfirst
ID: 40440620
Thanks for your time!
If I end up with edited tasks that are blank then I fire them. There's not plausible deniability for malicious intent.

Is that "task folder for GrpB" a shared mailbox or a public folder?
Or do I just create a task list in my profile and share it out to everyone and tweak permissions for the groups/individuals?

I've tinkered with the permissions method and if GrpB was just one person then I would have stuck with that. But it's got to be a shared resource. Their non-task communications on their company email shouldn't be in this shared resource.

Also, if I have a shared mailbox then it bloats everyone's Outlook folder trees a little. Adds a little white noise to daily operations but I think it's the only way to have email and tasks associated with this "bucket."
0
 
LVL 41

Expert Comment

by:Vasil Michev (MVP)
ID: 40440773
If grpB corresponds to a shared resource (mailbox), it's a good idea to create a security group with all the members, and use that group to add permissions on both the shared mailbox and 'the bucket'. There should be no problem granting folder permissions to a security group, so you can use this if 'the bucket' is either another mailbox or simply a folder within your mailbox.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:commfirst
ID: 40440990
I will do that. It sounds like shared mailbox is the way. But how do those tasks and emails get handled on iPhones and Androids. Having the tasks with reminders roll out to devices would be nice. If I create a separate sub calendar in Outlook, that hits my phone. I just can't imagine that this will work like that AND maintain the permissions. If it does show up like a separate task list, I find it hard to believe that Android nor iPhone will block maintenance from deleting BUT allow them to edit. That is probably going to take testing right?
0
 
LVL 41

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40441117
Oh, for mobile devices that might indeed be a problem. The OWA for iPhone/OWA for Android device should be able to open shared mailboxes/folders however, so give that a try. You can get the apps in the corresponding app stores.

The permission should hold, those are server side, the device has no say there. Best it can do is corrupt something :)
0
 

Author Comment

by:commfirst
ID: 40441139
I forgot the updated that to handle shared resources. I think I saw it on twitter or something. I use TouchDown on Android or the native email app so I was thinking those routes. Awesome. I'm testing now.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
In-place Upgrading Dirsync to Azure AD Connect
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question