Sep 01 2020 11:15 AM
The Office 365 Admin console only have 3 options: Read and Manage, Send as, Send on behalf
I need to provide Read permission to other users (without Manage) so it's not possible to do it through the Admin Console.
This account has E1 license which can only be accessed through the Outlook Online app (no desktop app). I cannot find the permission setting on the Online app.
Is there any way to grand READ only permission for calendar/mailbox of this account?
Thanks
Sep 01 2020 01:27 PM
Hi @JohnIFSE
I believe you are still able to amend a folders permission in OWA by right clicking on the folder and selecting 'permissions'
The other way to do - and the way I personally prefer - is to use Powershell and the Set-MailboxFolderPermission cmdlet.
Not sure how familiar you are with Powershell, so apologies if it seems like I'm teaching my mother how to suck eggs, but you can connect onto Exchange Online in Powershell, then add granular permissions to specific folders (i.e. Inbox, Calendar etc) to specific users that way. It's command line based, but I find it easier to work with.
Just in case you need it, here are some resources to point you in the right direction.
General info about Exchange Online Powershell Module v2
https://docs.microsoft.com/en-gb/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps
Installing EXO PS module v2
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/1.0.1
Connecting to EXO PS module v2
Useful cmdlets
Get-MailboxFolderPermission
https://docs.microsoft.com/en-us/powershell/module/exchange/get-mailboxpermission?view=exchange-ps
Set-MailboxFolderPermission
Add-MailboxFolderPermission
One thing with the cmdlet that might help you because I got stuck on it: the mailbox is set up as a tree with the Top of Store being the very first level, then you have inbox, calendar sent items etc below that, and any sub folders those folders might contain. For a user to get to those subfolders, they must have the "FolderVisible" permission at the top of the store - this lets them see the folder, but not the contents.
i.e. you want to give UserB read permissions to UserA's Inbox and Calendar, but not sent items.
First give UserB "FolderVisible" to the top of UserA's store
Add-MailboxFolderPermission -Identity UserA@domain.com -User UserB@domain.com -AccessRights FolderVisible
Then add permissions for inbox and calendar
Add-MailboxFolderPermission -Identity UserA@domain.com:inbox -User UserB@domain.com -AccessRights ReadItems
Add-MailboxFolderPermission -Identity UserA@domain.com:calendar -User UserB@domain.com -AccessRights ReadItems
Apologies for waffling on a bit, but I hope this helps.
Sep 01 2020 03:07 PM - edited Sep 01 2020 03:09 PM
@HidMov Thanks very much. Worked!