Add-MailboxFolderPermission cmdlet in Exchange 2013
Exchange 2010 introduced a new built in cmdlet “Add-MailboxFolderPermission”. This command helps us to assign and Manage Folder level permissions for all folders/calendar of a mailbox in the organization.
I have been working with a cloud provider who wants RO access to the “Deleted items folder” for all mailboxes in the company.
The Access Rights parameters are as below:
- ReadItems: The user has the right to read items within the specified folder.
- CreateItems The user has the right to create items within the specified folder.
- EditOwnedItems The user has the right to edit the items that the user owns in the specified folder.
- DeleteOwnedItems The user has the right to delete items that the user owns in the specified folder.
- EditAllItems The user has the right to edit all items in the specified folder.
- DeleteAllItems The user has the right to delete all items in the specified folder.
- CreateSubfolders The user has the right to create subfolders in the specified folder.
- FolderOwner The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
- FolderContact The user is the contact for the specified public folder.
- FolderVisible The user can view the specified folder, but can’t read or edit items within the specified public folder.
The Roles with which we can provide the access rights are as below:
- None FolderVisible
- Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
- Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
- NonEditingAuthor CreateItems, ReadItems, FolderVisible
- Reviewer ReadItems, FolderVisible
- Contributor CreateItems, FolderVisible
Ref: http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
The following roles apply specifically to calendar folders:
- AvailabilityOnly View only availability data
- LimitedDetails View availability data with subject and location
We will see how we can assign Calendar access permissions to another user:
In the below examples I have set the permissions for the mailbox Exchangeteam to James and John.
Add-MailboxFolderPermission ExchangeTeam@MSExchangeGuru.Local:Calendar -User James@MSExchangeGuru.Local –AccessRights editor
Commands to set calendar or remove calendar permissions on multiple mailboxes.
Get-Content C:tempCalendar.txt | ForEach-Object {Add-MailboxFolderPermission $_”:Calendar” -User James@MSExchangeGuru.Local -AccessRights Reviewer}
Get-Content C:tempCalendar.txt | ForEach-Object {Remove-MailboxFolderPermission $_”:Calendar” -User James@MSExchangeGuru.Local -AccessRights Reviewer}
We will see how we can assign Folder access permissions to another user:
Add-MailboxFolderPermission –Identity ‘ExchangeTeam@MSExchangeGuru.Local:Reports’ –User John@MSExchangeGuru.Local –AccessRights Owner
Use Set-MailboxFolderPermission cmdlet to update folder-level permissions for all folders within a user’s mailbox. The cmdlet differs from the Add-MailboxFolderPermission cmdlet in that it edits an existing permission entry.
Set-MailboxFolderPermission –Identity ‘ExchangeTeam@MSExchangeGuru.Local:Reports’ -User John@MSExchangeGuru.Local –AccessRights Owner
Verify if the access rights assigned successfully:
View the permissions under outlook/WebApp of ExchangeTeam account.
To remove the access and verify:
Remove-MailboxFolderPermission –Identity ‘ExchangeTeam@MSExchangeGuru.Local:Reports’ –User John@MSExchangeGuru.Local
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru
January 4th, 2015 at 9:55 am
I am looking to create a folder in all user’s mailboxes. I want the folder to allow a user to add sub folders and add and remove email from those folders. The catch is that I do not want the user to be able to delete the folder. Will this work with that scenario?
March 9th, 2016 at 2:40 am
How can we provide folder permission from On-premises server to exchange online user.
Ex: User A (SharedMailbox at Onpremise), User B (Office 365), Need to provide folder access permission to User B for User A mailbox folder.
February 1st, 2017 at 8:46 am
[…] https://msexchangeguru.com/2014/07/07/add-mailboxfolderpermission […]