Outlook Permission

[John Smith]

Hi

How can i grant a user the ability to see all folder inside a mailbox from
within Outlook without giving the user full mailbox access.

basically, i want the users to be able to delegate permisions, but with the
setting the permission per folder. if they give user access "reviews" from
mailbox - username. the delegate should be able to see everything in that
mailbox, but they only see the inbox and not other folder.

any ideas.

 

[Sue Mosher [MVP-Outlook]]

To allow access to a shared folder that isn't one of the folders listed on the File | Open | Other User's Folder dialog, the mailbox owner needs to grant "folder visible" permission to the root of the mailbox and any other parent folders of the shared folder, as well as appropriate permission -- at least Reviewer -- on the shared folder itself.

The user who needs access then goes into Tools | E-mail Accounts or Tools | Services (depending on the Outlook version), brings up the properties for the Exchange Server service, and on the Advanced tab, adds the mailbox.

For more information on folder permissions, with how-to screen shots, see http://www.howto-outlook.com/howto/permissions.htm and http://office.microsoft.com/assistance/preview.aspx?AssetID=HA011134811033

Note that granting delegate access is not the same as granting permissions on a folder.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[John Smith]

I have found that giving users a read only permission from active directory makes absolutely no difference, obviously one would think that giving users read only permission from AD to delegate would allow the user to read everything ( all folders ) with being able to make changes.

The only thing with the permissions is that, even if you delegate access from the root ( mailbox - username ) this would only give you access to the inbox and not all folder inside the mailbox. Additional folder would have to be granted on individual basis which time consuming if you have a lot of folders. The only around this is to grant full mailbox access, which is not the desired result.

Any ideas how could I get around this dilema.

To allow access to a shared folder that isn't one of the folders listed on the File | Open | Other User's Folder dialog, the mailbox owner needs to grant "folder visible" permission to the root of the mailbox and any other parent folders of the shared folder, as well as appropriate permission -- at least Reviewer -- on the shared folder itself.

The user who needs access then goes into Tools | E-mail Accounts or Tools | Services (depending on the Outlook version), brings up the properties for the Exchange Server service, and on the Advanced tab, adds the mailbox.

For more information on folder permissions, with how-to screen shots, see http://www.howto-outlook.com/howto/permissions.htm and http://office.microsoft.com/assistance/preview.aspx?AssetID=HA011134811033

Note that granting delegate access is not the same as granting permissions on a folder.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Sue Mosher [MVP-Outlook]]

I think you already know the answe4r: Folder-level permissions need to be granted from Outlook, not AD, for each folder. Use the Permissions tab on the Properties dialog for each folder.

Alternatively, you could use the PFDAVAdmin tool (see link at http://www.slipstick.com/exs/permissions.htm#tools) for at least the default folders.
--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers


I have found that giving users a read only permission from active directory makes absolutely no difference, obviously one would think that giving users read only permission from AD to delegate would allow the user to read everything ( all folders ) with being able to make changes.

The only thing with the permissions is that, even if you delegate access from the root ( mailbox - username ) this would only give you access to the inbox and not all folder inside the mailbox. Additional folder would have to be granted on individual basis which time consuming if you have a lot of folders. The only around this is to grant full mailbox access, which is not the desired result.

Any ideas how could I get around this dilema.

To allow access to a shared folder that isn't one of the folders listed on the File | Open | Other User's Folder dialog, the mailbox owner needs to grant "folder visible" permission to the root of the mailbox and any other parent folders of the shared folder, as well as appropriate permission -- at least Reviewer -- on the shared folder itself.

The user who needs access then goes into Tools | E-mail Accounts or Tools | Services (depending on the Outlook version), brings up the properties for the Exchange Server service, and on the Advanced tab, adds the mailbox.

For more information on folder permissions, with how-to screen shots, see http://www.howto-outlook.com/howto/permissions.htm and http://office.microsoft.com/assistance/preview.aspx?AssetID=HA011134811033

Note that granting delegate access is not the same as granting permissions on a folder.

 

[John Smith]

Is there a way of granting access to all folders in one permissions
settings.



I think you already know the answe4r: Folder-level permissions need to be
granted from Outlook, not AD, for each folder. Use the Permissions tab on
the Properties dialog for each folder.

Alternatively, you could use the PFDAVAdmin tool (see link at
http://www.slipstick.com/exs/permissions.htm#tools) for at least the default
folders.
--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers


I have found that giving users a read only permission from active directory
makes absolutely no difference, obviously one would think that giving users
read only permission from AD to delegate would allow the user to read
everything ( all folders ) with being able to make changes.

The only thing with the permissions is that, even if you delegate access
from the root ( mailbox - username ) this would only give you access to the
inbox and not all folder inside the mailbox. Additional folder would have to
be granted on individual basis which time consuming if you have a lot of
folders. The only around this is to grant full mailbox access, which is not
the desired result.

Any ideas how could I get around this dilema.

To allow access to a shared folder that isn't one of the folders listed on
the File | Open | Other User's Folder dialog, the mailbox owner needs to
grant "folder visible" permission to the root of the mailbox and any other
parent folders of the shared folder, as well as appropriate permission -- at
least Reviewer -- on the shared folder itself.

The user who needs access then goes into Tools | E-mail Accounts or Tools |
Services (depending on the Outlook version), brings up the properties for
the Exchange Server service, and on the Advanced tab, adds the mailbox.

For more information on folder permissions, with how-to screen shots, see
http://www.howto-outlook.com/howto/permissions.htm and
http://office.microsoft.com/assistance/preview.aspx?AssetID=HA011134811033

Note that granting delegate access is not the same as granting permissions
on a folder.

 

[Sue Mosher [MVP-Outlook]]

Not in Outlook. See what PFDAVAdmin can do.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[Guest]

We're trying to determine the appropriate method for allowing person "a" to
access email, calendar and task folders for person "b". Obviously, each
person "b" could provide the access in Outlook. We're trying to determine
how we can do this centrally for numerous people. As you've said, we could
use something like the PFDAVAdmin tool. (Thanks for pointing that out.)

We're not trying to limit person a's access to specific sub-folders, like
the "sent" mail folder. We want people to have rights at the "root" folder
(e.g. "Inbox").

We seem to have been able to provide this capability by going into AD
Users/Computers and setting rights in the "Exchange Advanced" tab. However,
what I seem to be reading is that this is not recommended, as it may
"corrupt" Exchange's ability to display the MAPI security properties in
Outlook. Did I understand this correctly? If so, when should we be using
the Exchange Advanced settings tab?