leop1212
Shared mailbox folder security assignment per user
I am trying to configure a shared mailbox, Orders@mydomain.com, for, say, 4 users on an Exchange 2016 on-premises server.
There are 4 users, Bob, Bill, Steve and Mike, and 3 folders in the shared mailbox Orders
with the same names as the users Bob, Bill and Steve.
I want to configure permissions on each folder as follows:
1. Bob is an OWNER for the Bob folder, while Bill, Steve and Mike are only REVIEWERs for it.
2. Bill is an OWNER for the Bill folder, while Bob, Steve and Mike are only reviewers for it.
3. Steve is an OWNER; the others can only review (read).
When I create the shared mailbox Orders and add all users to a delegation with full access, all 4 have full rights, while if I do folder permissions
with
Add-MailboxFolderPermission -Identity orders@mydomain.com:\bob -User bob@mydomain.com -AccessRights Owner
Add-MailboxFolderPermission -Identity orders@mydomain.com:\bob -User bill@mydomain.com -AccessRights Reviewer
all users can see the shared mailbox Orders automatically cached in their Outlook regardless of my permissions set via PowerShell,
while if no delegation is set in ESM and only PowerShell is used, users can't open the mailbox.
https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxfolderpermission?view=exchange-ps
I am looking for expert advice with sample syntax (not looking for any Google search results).
Thank you
ASKER
It doesn't work properly.
If I do full access delegation, all users have full access regardless of the folder permission assignment per folder.
If I do PowerShell only, I am getting an error when I try to open the mailbox in either Outlook or OWA (additional mailbox or cached).
There is no need for Send As.
Incoming emails have approval web links, and only the assigned user can delete the email in his folder.
Just for clarification: using the GUI (delegation), this is a mailbox permission, which by default works with auto-mapping for the user granted permission on the shared mailbox. But when you configure mailbox folder permissions, auto-mapping is not used at all. Users will always need to manually add mailboxes to their Outlook profile if their access has been granted using mailbox folder permissions.
Ask me if this is not enough clarification.
Regards
ASKER
When I have only the folder permission set via the command shell to Reviewer and no delegation, I am getting an error when I try to mount the shared mailbox:
:-(
Something went wrong
You don't have permission to open this mailbox.
X-ClientId: CAF819AB046E441192A6ED780D6158D6
request-id be38de1e-4c31-4d46-93b2-c3e2ed438383
X-OWA-Error Microsoft.Exchange.Clients.Owa2.Server.Core.OwaExplicitLogonException
X-OWA-Version 15.1.1531.8
Run
Get-MailboxFolderPermission orders@mydomain.com:\bob
And check if permission is assigned correctly
ASKER
Get-MailboxFolderPermission orders@mydomain.com:\inbox\bob returns
FolderName User AccessRights
---------- ---- ------------
bob Default {None}
bob Anonymous {None}
bob Bill {Reviewer}
yet Bill can't mount orders mailbox
ASKER
any solution?
Leop1212,
This is fairly simple. The first thing I want you to do is send us a screenshot of the exact paths on that shared mailbox.
Please run this command
Get-MailboxFolderStatistics 'emailaddressofthesharedmailbox' | Select Name,FolderPath | Format-Table -AutoSize
ASKER
[PS] C:\Windows\system32>Get-MailboxFolderStatistics 'poreq@mydomain.com' | Select Name, FolderPath | Format-table -autosize
Name FolderPath
---- ----------
Top of Information Store /Top of Information Store
Bob /Bob
Calendar /Calendar
Contacts /Contacts
GAL Contacts /Contacts/GAL Contacts
Recipient Cache /Contacts/Recipient Cache
Conversation Action Settings /Conversation Action Settings
Deleted Items /Deleted Items
Drafts /Drafts
ExternalContacts /ExternalContacts
Files /Files
Inbox /Inbox
Journal /Journal
Junk Email /Junk Email
Notes /Notes
Outbox /Outbox
Rick /Rick
Sent Items /Sent Items
Tasks /Tasks
Yammer Root /Yammer Root
Feeds /Yammer Root/Feeds
Inbound /Yammer Root/Inbound
Outbound /Yammer Root/Outbound
Recoverable Items /Recoverable Items
Calendar Logging /Calendar Logging
Deletions /Deletions
Purges /Purges
Versions /Versions
exch2016-shared.txt
"There are 4 users Bob, Bill, Steve and Mike and 3 folders in shared mailbox Orders" << I only see the Bob folder in this shared mailbox. Where are the Bill, Steve and Mike folders in this shared mailbox?
1. For the Bob folder:
Add-MailboxFolderPermission "poreq@mydomain.com:\bob" -User Bobsemailaddress -AccessRights Owner
"Billsemailaddress","stevesemailaddress","Mikesemailaddress" | ForEach-Object { Add-MailboxFolderPermission "poreq@mydomain.com:\bob" -User $_ -AccessRights Reviewer }
Leop12,
Remember, this is not full access we are giving Bill, Steve or Mike, so you have to add the mailbox to Outlook via File > Account Settings > Account Settings (double-click the email account) > More Settings > Advanced tab, and add the shared mailbox in there.
It will only automap if you are giving the guys full access to the shared mailbox.
Hi leop1212, as I mentioned in my previous comment, it should be added manually by users. Please check https://support.office.com/en-us/article/access-another-person-s-mailbox-a909ad30-e413-40b5-a487-0ea70b763081
ASKER
Ahmed,
I am not sure you are reading my follow-ups. I do know how to access another mailbox. I have been doing it for 20 years.
In my case, I log in as a user with view permissions to the folder via OWA, go to the option Open another mailbox, point to orders@mydomain.com and get an error:
:-(
Something went wrong
You don't have permission to open this mailbox.
More details...
Refresh the page
leop1212,
Being that the access is on the Bob folder, try going here:
orders@mydomain.com\bob
ASKER
Even if I point to orders@mydomain.com\bob instead of just orders@mydomain.com, I am still getting the same error.
Leop1212,
I did have this issue before. I forgot: what we have to do is give Mike this permission as well:
Add-MailboxFolderPermission "poreq@mydomain.com:\inbox" -User "Mikesemailaddress" -AccessRights FolderVisible
As a matter of fact, you didn't make the Bob folder under your inbox, so your command would actually be
Add-MailboxFolderPermission "poreq@mydomain.com:\Top of Information Store" -User "Mikesemailaddress" -AccessRights FolderVisible
for all 3:
"Billsemailaddress","stevesemailaddress","Mikesemailaddress" | ForEach-Object { Add-MailboxFolderPermission "poreq@mydomain.com:\Top of Information Store" -User $_ -AccessRights FolderVisible }
You may have issues with the 'Top of Information Store' command.
I would:
1. Move the individual user folders under the Inbox. For example, move the Bob folder so it is a subfolder of the Inbox.
2. Now the correct commands to run for the Bob folder would be:
"Billsemailaddress","stevesemailaddress","Mikesemailaddress" | ForEach-Object { Add-MailboxFolderPermission "poreq@mydomain.com:\inbox" -User $_ -AccessRights FolderVisible }
"Billsemailaddress","stevesemailaddress","Mikesemailaddress" | ForEach-Object { Add-MailboxFolderPermission "poreq@mydomain.com:\inbox\bob" -User $_ -AccessRights Reviewer }
ASKER
Let me try it. I am not sure how long it typically takes for permissions to propagate.
I will check it within two hours.
Thank you
ASKER
I still can't expand any folders under the shared mailbox (user Mike) even though rights are assigned as suggested.
C:\Windows\system32>Get-MailboxFolderPermission orders@mydomain.com:\Inbox
FolderName User AccessRights
---------- ---- ------------
Inbox Default {None}
Inbox Anonymous {None}
Inbox Mike {FolderVisible}
Inbox Rick {Reviewer}
Inbox Bob {Reviewer}
[PS] C:\Windows\system32>Get-MailboxFolderPermission orders@mydomain.com:\Inbox\Bob
FolderName User AccessRights
---------- ---- ------------
Bob Default {None}
Bob Anonymous {None}
Bob Mike {Reviewer}
Bob Rick {FolderVisible}
Bob Bob {FolderVisible}
Leo, everyone should have FolderVisible for the Inbox. Then on the actual Bob folder, set who you want to have Reviewer rights.
Did you move the Bob folder in to the Inbox so it is now a subfolder of inbox?
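The layout this reply describes (FolderVisible on the Inbox for everyone, then Owner or Reviewer on each user's subfolder), scripted for all three folders as an added example that is not from any post in the thread. The steve@ and mike@ addresses, the folders already existing under Inbox, and the helper name `Set-FolderRight` are assumptions.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2016 on-premises).
# Assumed placeholders: mailbox and user addresses; folders Bob, Bill, Steve exist under Inbox.
$Mailbox = 'orders@mydomain.com'
$Users   = 'bob@mydomain.com', 'bill@mydomain.com', 'steve@mydomain.com', 'mike@mydomain.com'

# Folder name -> the single user who is Owner of it; every other user gets Reviewer.
$Owners = [ordered]@{
    'Bob'   = 'bob@mydomain.com'
    'Bill'  = 'bill@mydomain.com'
    'Steve' = 'steve@mydomain.com'
}

# Hypothetical helper: grant $Right to $User on $Folder whether or not an entry exists.
function Set-FolderRight {
    param([string]$Folder, [string]$User, [string]$Right)
    # Add- fails when the user already has an entry on the folder, so switch to Set-.
    $existing = Get-MailboxFolderPermission -Identity $Folder -User $User -ErrorAction SilentlyContinue
    if ($existing) {
        Set-MailboxFolderPermission -Identity $Folder -User $User -AccessRights $Right
    } else {
        Add-MailboxFolderPermission -Identity $Folder -User $User -AccessRights $Right | Out-Null
    }
}

# Parent folder: FolderVisible only, so the folder can be seen but its items cannot be read.
foreach ($u in $Users) {
    Set-FolderRight -Folder "${Mailbox}:\Inbox" -User $u -Right 'FolderVisible'
}

foreach ($name in $Owners.Keys) {
    $folder = "${Mailbox}:\Inbox\$name"
    foreach ($u in $Users) {
        $right = if ($u -eq $Owners[$name]) { 'Owner' } else { 'Reviewer' }
        Set-FolderRight -Folder $folder -User $u -Right $right
    }
    # Print the resulting entries so the assignment can be reviewed per folder.
    Get-MailboxFolderPermission -Identity $folder |
        Format-Table FolderName, User, AccessRights -AutoSize
}
```

Access granted this way is not auto-mapped, so each user still adds the shared mailbox to Outlook manually, as noted earlier in the thread.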
ASKER
Yes.
I removed the old folders and created a new folder inside the Inbox,
and you can see it in my Get-Permission results.
I can make the folder visible to everyone, but the problem is that my test user Mike has both Visible for the Inbox and Reviewer for the Bob folder, while he still can't expand the mounted mailbox in Outlook, and gets the same error as listed above for OWA.
Did you try what you do on two test mailbox users?
ASKER
yes.
i tried it on two mailboxes bob and mike
So you mean bob and mike are two new users? I said that because I am thinking it might be permission issue.
ASKER
Both users are not new (over 10 years).
ASKER
I created two new users bob1 and bob2
Both have FolderVisible rights to the shared Inbox and Reviewer to the inbox\bob folder.
Same problem: can't expand the folder on a mounted mailbox.
What is the user name for the shared mailbox?
ASKER
there is no user for the shared mailbox.
I have it delegated to my account. I am creating folders in it.
FYI, a user can't send email with just Full Access permission; Send As or Send on Behalf permission is required for the user to be able to send emails using the shared mailbox.
PowerShell commands will not do the trick, and something could be inherited. You should do delegation.
Automapping in Outlook is enabled by default with delegation, but not with those commands you ran.
Is that clear?