Jun 11 2020 01:56 AM
Hy!
I have a shared mailbox what is connected to 3 user. They want to mark the inbox mail with colors, to see who managed it.
The question is that i tried a few level of permissions in powershell but no luck.
The problem is they dont want to use full acces, because they affraid of the exedentaly delete of the emails.
Is there any permission level for the users , to use the color markers, and the fast action menu, but they have no permission to delete the mail.
Thanks for the help!
bolvar
Jun 11 2020 04:38 AM
Hi @bolvar
I'd look at doing the following permissions - I don't think any of the ready-made roles will meet your requirements.
CreateItems: The user can create items in the specified folder.
CreateSubfolders: The user can create subfolders in the specified folder.
EditAllItems: The user can edit all items in the specified folder.
FolderOwner: The user is the owner of the specified folder. The user can view the folder, move the folder, and create subfolders. The user can't read items, edit items, delete items, or create items.
ReadItems: The user can read items within the specified folder.
Hope this helps,
Jun 11 2020 07:00 AM
Thanks i found the article, and i tried editallitems, but its not worked.
Now the users have reviewer permission.
Maybe i made something wrong, i will try it again.
bolvar
Jun 15 2020 06:11 AM
Tried a few solutions but i think there is no option to prevent users to delete accidentally a massage :/.
The roles for the shared mailbox even described:
he AccessRights parameter specifies the permission that you want to assign to the user on the mailbox. Valid values are:
ChangeOwner
ChangePermission
DeleteItem
ExternalAccount
FullAccess
ReadPermission
ChangePermission and ChangeOwner was able to delete.
Jul 01 2020 06:36 AM
Hi @bolvar
Sorry, been meaning to reply to this but things have been very busy.
In case you haven't managed to resolve this yourself, I do have a solution but it's not very elegant.
The Add-MailboxPermission cmdlet adds permissions to the entire mailbox - the permissions are the ones you listed out which don't help.
The Add-MailboxFolderPermission adds permissions to individual folders within a mailbox, but the permissions it can add are much more useful and granular.
1. Remove the FullAccess permmission you have set up for the user from the shared mailbox
Remove-MailBoxPermission -identity SharedMailbox -user user@domain.com
2. After some time the mailbox will be removed from the users Outlook. Now we're going to add the mailbox back in, but only individual folders. Start with the Top of the Information Store - the user will just need the FolderVisible permission for this:
Add-MailboxFolderPermission -identity SharedMailbox -user user@domain.com -AccessRights FolderVisible
3. Next add permissions to the inbox allowing them to edit and create, but not delete.
Add-MailboxFolderPermission -identity SharedMailbox:\Inbox -user user@domain.com -AccessRights FolderVisible, CreateItems, EditAllItems, ReadItems
4. Any other folders you need them to access will need to be added manually - so adding in a subfolder in the Inbox called "Orders" would need the following added
Add-MailboxFolderPermission -identity SharedMailbox:\Inbox\Orders -user user@domain.com -AccessRights FolderVisible, CreateItems, EditAllItems, ReadItems
5. Finally, because Automapping doesn't work with Add-MailboxFolderPermission you will need to manually add the mailbox to the users Outlook by going to File > Info > Account Settings > Change > More Settings > Advanced > Open These Additional Mailboxes > Add
This may or may not be appropriate for your organisations set up, but hopefully this is useful.
Thanks,
Mark