We help IT Professionals succeed at work.

exchange 2010 give limited mailbox permissions

ajdratch
ajdratch asked
on
I created a a mailbox called "shared" and created a folder called "processed"

1) I would like to assign some users the rights to see items in both folders but not be able to  delete.

2) Ideally they should be able to move emails from the inbox to the  "proccessed."   I realize this may be an issue since a move is normally a copy and delete.

I have tried this command and added the mailbox to their outlook however they can't expand the folders of the Shared mailbox.
Add-MailboxFolderPermission -Identity shared:\inbox  -user susan -accessrights reviewer
Add-MailboxFolderPermission -Identity shared:\processed  -user susan -accessrights reviewer

When I run Get-MailboxPermission shared it does not show me that those users have any rights to the mailbox
Comment
Watch Question

Most Valuable Expert 2014

Commented:
You need to grant the "Folder Visible" permission at the top of the tree. That allows the folder only to be seen.
If you have sub folders then you would grant the Folder Visible permission throughout the tree until you get to the folder that they should be able to see.

get-mailboxpermission is different to get-mailboxfolderpermission.
Get-mailboxpermission is the permission to the entire mailbox, so being unable to see a user listed there is fine.

I have screenshots on the process on my web site:
http://exchange.sembee.info/outlook/sharing-non-default-folders.asp

Simon.
Exchange server admin
Commented:
You need to assign the permissions using powershell. Please test the commands before executing.

Assign Read Permission to entire mailbox.

Add-MailboxPermission -Identity "CEOName" –User   “reciptionistname”-AccessRights ReadPermission -InheritanceType All

Then add "Reviewer" permission to mailbox and each folder within the mailbox.

Add-MailboxFolderPermission -Identity CEOName -User reciptionistname -AccessRights Reviewer
foreach($item in (Get-MailboxFolderStatistics CEOName |where { ($_.foldertype -ne "ConversationActions") -and ($_.foldertype -notlike "Recoverable*") -and ($_.FolderPath -notlike "/Sync*")})){$fname = “ReadTest:” + $f.FolderPath.Replace(“/”,”\”); Add-MailboxFolderPermission $fname -User reciptionistname -AccessRights Reviewer}

Ref: http://www.exchangedictionary.com/articles/assign-read-only-mailbox-permission-on-exchange-2010-2013-powershell

Author

Commented:
Thanks for you help, that fixed it. Before I close this, I want to check and see if I can give one person permission to move from the inbox folder to another folder but not be able to delete from the inbox
Most Valuable Expert 2014

Commented:
You need delete permissions to move an item.

Simon.

Author

Commented:
I was hoping there was a work around. Thanks for confirming.