Hi @bolvar
Sorry, been meaning to reply to this but things have been very busy.
In case you haven't managed to resolve this yourself, I do have a solution but it's not very elegant.
The Add-MailboxPermission cmdlet adds permissions to the entire mailbox - the permissions are the ones you listed out which don't help.
The Add-MailboxFolderPermission adds permissions to individual folders within a mailbox, but the permissions it can add are much more useful and granular.
1. Remove the FullAccess permmission you have set up for the user from the shared mailbox
Remove-MailBoxPermission -identity SharedMailbox -user user@domain.com
2. After some time the mailbox will be removed from the users Outlook. Now we're going to add the mailbox back in, but only individual folders. Start with the Top of the Information Store - the user will just need the FolderVisible permission for this:
Add-MailboxFolderPermission -identity SharedMailbox -user user@domain.com -AccessRights FolderVisible
3. Next add permissions to the inbox allowing them to edit and create, but not delete.
Add-MailboxFolderPermission -identity SharedMailbox:\Inbox -user user@domain.com -AccessRights FolderVisible, CreateItems, EditAllItems, ReadItems
4. Any other folders you need them to access will need to be added manually - so adding in a subfolder in the Inbox called "Orders" would need the following added
Add-MailboxFolderPermission -identity SharedMailbox:\Inbox\Orders -user user@domain.com -AccessRights FolderVisible, CreateItems, EditAllItems, ReadItems
5. Finally, because Automapping doesn't work with Add-MailboxFolderPermission you will need to manually add the mailbox to the users Outlook by going to File > Info > Account Settings > Change > More Settings > Advanced > Open These Additional Mailboxes > Add
This may or may not be appropriate for your organisations set up, but hopefully this is useful.
Thanks,
Mark
