How to quickly assign different permissions to shared calendars to different people


Hello everyone,

In our organization we have a shared mailbox with multiple calendars within (around 10 calendars). These calendars need to be shared with all staff members, who should have "Reviewer" permissions. There are a few people (the secretaries), though, who need to have "Editor" permissions, because they are responsible for editing all these calendars.

Also, every year our Staff security group is populated with new staff members who need to access those calendars possibly via email notifications.

Would it be possible to create a script which:

 

- Checks all the members within the Staff Security group;

- Identifies the (new) members who don't have any access/permissions to the shared calendars;

- Assigns "Reviewer" permissions to each of them;

then

- Checks all the members in a variable named $Secretaries (it would be great to populate this variable by finding the word "Secretary" in the job title of each staff member);

- Assigns "Editor" permissions to all the secretaries.

 

In the past new members were added manually one by one via the GUI.

I created a variable with all the calendars inside:

 

$SharedCalendars = @(
    "email address removed for privacy reasons:\Calendar\Test Dates",
    "email address removed for privacy reasons:\Calendar\Test1 Dates",
    "email address removed for privacy reasons:\Calendar\Test2 Dates",
    "email address removed for privacy reasons:\Calendar\Test3 Dates",
    "email address removed for privacy reasons:\Calendar\Test4 Dates"
    # etc.
)

Then I know that I can run Add-MailboxFolderPermission for each calendar and also send the notifications:

$SharedCalendars.ForEach{
    Add-MailboxFolderPermission -Identity $_ -User email address removed for privacy reasons -AccessRights Reviewer -SendNotificationToUser $true
}

If I want to populate the $Secretaries variable, I can use something like this:

$Users = Get-MgGroupMember -GroupId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -All
$UsersJob = $Users.ForEach{
    Get-MgUser -UserId $_.Id -Property Id, DisplayName, UserPrincipalName, Mail, JobTitle
}
$Secretaries = $UsersJob | Where-Object {($_.JobTitle -like '*Secretary*')} | Select-Object -Property Id, DisplayName, UserPrincipalName, Mail, JobTitle | Sort-Object -Property UserPrincipalName

 

but I am missing all the part of assigning the "Reviewer" permissions for each new member and the "Editor" permissions for the secretaries.

Any help would be much appreciated.

Many thanks in advance!

 

Francesco

 

2 Replies
Are you giving the Staff Security group permission to the calendar? That would be the easiest way. If all members don't get the same permissions, make more groups - give the groups the appropriate permissions and add the users to the correct group.

@Diane Poremsky 

Thanks for your reply. You are right, I can create another security group for secretaries or in general for the "editors" and then assign the permissions directly to the group instead of the single members. I am just worried that this can generate some conflicts because Secretaries/Editors will be both in the main Staff security group and in the new one. Will the script overwrite the previous permissions? Or should I use something like this:

 

$SharedCalendars = @(
    "email address removed for privacy reasons:\Calendar\Test Dates",
    "email address removed for privacy reasons:\Calendar\Test1 Dates",
    "email address removed for privacy reasons:\Calendar\Test2 Dates",
    "email address removed for privacy reasons:\Calendar\Test3 Dates",
    "email address removed for privacy reasons:\Calendar\Test4 Dates"
    # etc.
)
$SharedCalendars.ForEach{
    Add-MailboxFolderPermission -Identity $_ -User STAFF_SECURITYGROUP -AccessRights Reviewer -SendNotificationToUser $true
    Set-MailboxFolderPermission -Identity $_ -User EDITORS_SECURITYGROUP -AccessRights Editor -SendNotificationToUser $true
}

 

 

The problem is that the main Staff Security Group is a Security Group, not a mail-enabled Security group (according to the reference, I can use only email-enabled Security Group). 

Also, I am not sure how to manage the notifications (only the new starters should receive the Outlook sharing invitations). It can happen that during the year old staff members delete the shared calendars and they don't know how to add them again to their Outlook client, so they ask IT support to re-send the notifications (clicking on the "Accept" button is just easier for them).

What would you suggest?

So far I wrote a script where I get all the starters in a variable (thanks to @LainRobertson who showed me the quickest way) and then assign them the "Reviewer" permissions:

# Users created in the last 64 days who are members of the Staff group
$Starters = Get-MgUser -Filter "CreatedDateTime ge $([datetime]::UtcNow.AddDays(-64).ToString("s"))Z" -ExpandProperty memberOf -All | Where-Object {($_.MemberOf.Id -contains 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')} | Sort-Object -Property UserPrincipalName | Select-Object UserPrincipalName
$Starters.ForEach{
    # Select-Object returns objects, so pass the UserPrincipalName string to -User
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test Dates" -User $_.UserPrincipalName -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test1 Dates" -User $_.UserPrincipalName -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test2 Dates" -User $_.UserPrincipalName -AccessRights Reviewer -SendNotificationToUser $true
    Add-MailboxFolderPermission -Identity "xxxxxx:\Calendar\Test3 Dates" -User $_.UserPrincipalName -AccessRights Reviewer -SendNotificationToUser $true
    # etc.
}
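
One way to combine the steps asked for in this thread into a single re-runnable pass, added here as an example and not code from any poster: each Staff group member gets exactly one right per calendar (Editor if the job title contains "Secretary", otherwise Reviewer), and the sharing invitation is sent only when a new entry is created. It assumes Connect-MgGraph and Connect-ExchangeOnline have already been run; the group GUID and the shared@example.com mailbox are placeholders.

```powershell
# Added example. Placeholders: group GUID and shared mailbox address.
$StaffGroupId    = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
$SharedCalendars = @(
    'shared@example.com:\Calendar\Test Dates',
    'shared@example.com:\Calendar\Test1 Dates'
)

# Group members can include devices or nested groups; keep user objects only,
# then fetch the job title used to tell secretaries from other staff.
$Staff = Get-MgGroupMember -GroupId $StaffGroupId -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object { Get-MgUser -UserId $_.Id -Property Id, UserPrincipalName, JobTitle }

foreach ($User in $Staff) {
    $Upn    = $User.UserPrincipalName
    # Desired right: Editor for secretaries, Reviewer for everyone else.
    $Wanted = if ($User.JobTitle -like '*Secretary*') { 'Editor' } else { 'Reviewer' }

    foreach ($Calendar in $SharedCalendars) {
        # Look up this user's current entry. A missing entry raises an error,
        # which is treated here as "no permission yet".
        $Current = $null
        try {
            $Current = Get-MailboxFolderPermission -Identity $Calendar -User $Upn -ErrorAction Stop
        } catch { }

        if (-not $Current) {
            # New entry: grant the right and send the sharing invitation once.
            Add-MailboxFolderPermission -Identity $Calendar -User $Upn `
                -AccessRights $Wanted -SendNotificationToUser $true
        }
        elseif ($Current.AccessRights -notcontains $Wanted) {
            # Existing entry with a different right (for example a former
            # secretary still holding Editor): replace it, no new invitation.
            Set-MailboxFolderPermission -Identity $Calendar -User $Upn -AccessRights $Wanted
        }
        # Otherwise the entry already matches and is left untouched.
    }
}
```

Because the job title decides the right on every run, an Editor entry on someone who is no longer a secretary is reduced to Reviewer the next time the script runs. Adding -WhatIf to the Add- and Set- calls gives a dry run before the first real pass.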