Forum Discussion

fstorer's avatar
fstorer
Copper Contributor
Aug 14, 2022

How to quickly assign different permissions to shared calendars to different people

Hello everyone, In our organization we have a shared mailbox with multiple calendars within (around 10 calendars). These calendars need to be shared with all staff members, who should have "Reviewer...
exchange online
office 365
powershell
Shared Calendars
Shared mailbox
Diane_Poremsky_MVP's avatar
Diane_Poremsky_MVP
MVP
Aug 15, 2022
Are you giving the Staff Security group permission to the calendar? That would be the easiest way. If all members don't get the same permissions, make more groups - give the groups the appropriate permissions and add the users to the correct group.
fstorer's avatar
fstorer
Copper Contributor
Aug 15, 2022

Diane_Poremsky_MVP 

Thanks for your reply. You are right, I can create another security group for secretaries or in general for the "editors" and then assign the permissions directly to the group instead of the single members. I am just worried that this can generate some conflicts because Secretaries/Editors will be both in the main Staff security group and in the new one. Will the script overwrite the previous permissions? Or should I use something like this:

 

$SharedCalendars = @(
    "email address removed for privacy reasons:\Calendar\Test Dates",
    "email address removed for privacy reasons:\Calendar\Test1 Dates",
    "email address removed for privacy reasons:\Calendar\Test2 Dates",  
    "email address removed for privacy reasons:\Calendar\Test3 Dates",
    "email address removed for privacy reasons:\Calendar\Test4 Dates",
    etc.
)
$SharedCalendars.ForEach{
    Add-MailboxFolderPermission -Identity $_ -User STAFF_SECURITYGROUP -AccessRights Reviewer -SendNotificationToUser $true
    Set-MailboxFolderPermission -Identity $_ -User EDITORS_SECURITYGROUP -AccessRights Editor -SendNotificationToUser $true
}

 

 

The problem is that the main Staff Security Group is a Security Group, not a mail-enabled Security group (according to the reference, I can use only email-enabled Security Group). 

Also, I am not sure how to manage the notifications (only the new starters should receive the Outlook sharing invitations). It can happen that during the year old staff members delete the shared calendars and they don't know how to add them again to their Outlook client, so they ask IT support to re-send the notifications (clicking on the "Accept" button is just easier for them).

What would you suggest?

So far I wrote a script where I get all the starters in a variable (thanks to LainRobertson who showed me the quickest way) and then assign them the "Reviewer" permissions:

$Starters = Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddDays(-64).ToString("s"))Z" -ExpandProperty memberOf -All | Where-Object {($_.MemberOf.Id -contains 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')} | Sort-Object -Property UserPrincipalName | Select-Object UserPrincipalName
$Starters.ForEach{
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test Dates" -User $_ -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test1 Dates" -User $_ -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test2 Dates" -User $_ -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test3 Dates" -User $_ -AccessRights Reviewer -SendNotificationToUser $true
etc.
}

 

Resources