The following commands will allow you to give another user access to a mailbox or a folder in that mailbox, for delegate or monitoring purposes.
For the folder permission commands, they work for any folder in the mailbox, all you have to do is substitute Calendar for Contacts or another folder name.
Prerequisites
These commands require the ExchangeOnlineManagement module.
Commands
Grant Full Access to a Mailbox
Note: Full access does not include send-as or send-on-behalf permissions.
Add-MailboxPermission -Identity <MailboxIdentity> -User <DelegateIdentity> -AccessRights FullAccess [-AutoMapping $false]If -AutoMapping is set to false, the mailbox will not be added to Outlook automatically and will need to be added manually, if needed.
This can be useful if you need to add the mailbox as a second account in Outlook. In that case, when adding the mailbox to Outlook, specify the mailbox’s email, but use the Delegate’s credentials when authenticating.
Grant Send-As Permissions to a Mailbox
Office 365
Add-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"On-Prem Exchange
$UsertoSendAs = Get-ADUser -Filter 'Name -like "Full Name"'
$UserSendingAs = Get-ADUser -Filter 'Name -like "Full Name"'
Add-ADPermission -Identity $UsertoSendAs.Name -User $UserSendingAs.Name -AccessRights ExtendedRight -ExtendedRights "Send As"Grant Send-on-behalf Permissions to a Mailbox
Set-Mailbox -Identity <MailboxIdentity> -GrantSendOnBehalfTo <DelegateIdentity>Get Folder permissions
Get-EXOMailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected]Add Folder Permissions
Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights AuthorUpdate Folder Permissions
Set-MailboxFolderPermission [email protected]:\Calendar -User [email protected] -AccessRights AuthorThe following individual permissions are available:
- CreateItems1
- CreateSubfolders2
- DeleteAllItems3
- DeleteOwnedItems4
- EditAllItems5
- EditOwnedItems6
- FolderContact7
- FolderOwner8
- FolderVisible9
- ReadItems10
The available roles, along with the permissions that they assign, are described in the following list:
Editor
None
- FolderVisible9
Owner
PublishingEditor
PublishingAuthor
The following roles apply specifically to calendar folders:
- AvailabilityOnly View only availability data
- LimitedDetails View availability data with subject and location
Add user as Delegate
To change delegate permissions (Such as adding CanViewPrivateItems) you have to Remove-MailboxFolderPermission, then add a new entry. Delegate access requires the Editor AccessRights
Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor -SharingPermissionFlags Delegate,CanViewPrivateItemsMore Information
Manage permissions for recipients in Exchange Online
https://technet.microsoft.com/en-us/library/ff522363(v=exchg.160).aspx
Footnotes
-
The user can create items in the specified folder. ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7 ↩8
-
The user can create subfolders in the specified folder. ↩ ↩2 ↩3 ↩4
-
The user can delete all items in the specified folder. ↩ ↩2 ↩3 ↩4
-
The user can only delete items that they created from the specified folder. ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
The user can edit all items in the specified folder. ↩ ↩2 ↩3 ↩4
-
The user can only edit items that they created in the specified folder. ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
The user is the contact for the specified public folder. ↩ ↩2
-
The user is the owner of the specified folder. The user can view the folder, move the folder, and create subfolders. The user can’t read items, edit items, delete items, or create items. ↩ ↩2
-
The user can view the specified folder, but can’t read or edit items within the specified public folder. ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7 ↩8 ↩9 ↩10
-
The user can read items within the specified folder. ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7 ↩8