Forum Discussion
How to give access to calendar of all users for service account, but restrict access for mailbox
We have service account that has access to all users's calendar, we found out that it also has full access to mailbox (read, send e.t.c). How to restrict rights for mailbox ?
Service account need to only read, create calendar items for all users.
- FcoManigrassoIron Contributor
Hi waihislam,
In order to remove the Full Access that your service account has over the mailboxes you can run:
Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -User "your service account" -AccessRights FullAccess -Confirm:$false
And to add the required permissions over all the mailboxes calendar folder you can try this script:
$Users=Get-Mailbox -ResultSize Unlimited $Permission = "Contributor" foreach ($User in $Users) { $Cal = $User.Identity.ToString() + ":\Calendar" Add-MailboxFolderPermission -Identity $Cal -User "your service account" -AccessRights Contributor -Confirm:$false }
NOTE: Remember to add your service account to the script. If a permissions entry already exists for it, you'll need to change the "Add-MailboxFolderPermission" to "Set-MailboxFolderPermission".
This is a easy one. You can build one more complete, ( with different Calendar names in the case your users have different languages... Check if the entry already exists and run the "Set" automatically, etc... ), with the help of this article:
Set default calendar permissions for all users with PowerShell - ALI TAJRAN
Regarding the permissions level, I'll say "Contributor" is what you need. But anyway see the differences below:
Hope this helps.
- Dan_SnapeSteel ContributorYou can use the add-mailboxfolderpermission cmdlet to give a user access to the calender only:
Add-MailboxFolderPermission -Identity <mailbox>:\Calendar -User <user requiring access> -AccessRights Editor
You'll need to check the actual "AccessRights" the user will need