Get in touch with us!

Calendar permissions

A question that always comes around is the central assigned permissions for mailboxes

For example a receptionist application is using a service account that needs read access to everyones calendar to
show what’s up with the users today. Some of the application suppliers just wants to give the account
Organization Management membership or global admin for those who run Office365

So what permissions do we want to assign? Well to show the users calendar information it would probably only need read access in the calendar within the mailbox.

Well that’s easy, run a command in powershell and you will add the correct permission.


Add-MailboxFolderPermission -User "domainmyserviceacc" -AccessRights Reviewer -Identity Anna:Calendar

Well that’s nice but, I’ve got 3000 mailboxes……

No worries. You can still use a simple powershell command.


$mailboxes = Get-Mailbox -Resultsize Unlimited

Foreach ($Mailbox in $allmailbox) {Set-mailboxfolderpermission –identity ($Mailbox.alias+':calendar’) –user Default –Accessrights Reviewer

But…

There is two caveats though. The first is that it is only applied for current existing mailboxes and the second is languages.
When a users logs on for the first time the mailbox is created and so is the calendar. The calendar is also created in the language
that the users choose (if logged on through OWA). This will break the powershell command above. A Swedish user calendar
is named Kalender and in Russian is named Календарь. This will make the command fail unless You specify the correct
name for the calendar for example anders.green:Kalender

So to avoid both of them we let this script run in Task Scheduler :


$mailboxes = Get-Mailbox -OrganizationalUnit altitude365.com/MyUserAccounts -ResultSize unlimited

$Permission = "Reviewer"

foreach ($mbx in $mailboxes) {

$CalendarName = (($mbx.SamAccountName)+ ":" + (Get-MailboxFolderStatistics -Identity $mbx.SamAccountName -FolderScope Calendar | Select-Object -First 1).Name)

Add-MailboxFolderPermission -User "domainsvc_account" -AccessRights $Permission -Identity $CalendarName

}

 

The AccessRights parameter can be specified with the following roles:

  • None   FolderVisible
  • Owner   CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible,
    EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
  • PublishingEditor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems,
    EditAllItems, DeleteOwnedItems, DeleteAllItems
  • Editor   CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems,
    DeleteAllItems
  • PublishingAuthor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems,
    DeleteOwnedItems
  • Author   CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
  • NonEditingAuthor   CreateItems, ReadItems, FolderVisible
  • Reviewer   ReadItems, FolderVisible
  • Contributor   CreateItems, FolderVisible

 

The following roles apply specifically to calendar folders:

  • AvailabilityOnly   View only availability data
  • LimitedDetails   View availability data with subject and location

 

 

 

 

Submit a Comment

Your email address will not be published. Required fields are marked *