How to grant read-only permission on a MailBox

In this post I will show you how to grant user Perry Brill read-only permission on the mailbox of Joe Dan using PowerShell.

The first thing to do is to find all the folders present in Serge Boss mailbox then grant read only permission on those folders to John Doe.

Let’s go with the fistr step :

To find the folders in the mailbox, use the below commandline 

Get-MailboxFolderStatistics -Identity <mailbox identity> | Select-Object Identity

To grant access to a particular folder, use this commandline

Add-MailboxFolderPermission -Identity <Folder Identity> -User <User who needs access> -AccessRights <Type of Access>

To grant read-only access to all the folders, you must apply the previous command to all the folder. The easiest way is to use a loop. I propose you a function to reach that goal.

function Add-PermissionOnAllMailboxFolders {
    param (
        [Parameter(Mandatory = $true)]
        $Identity,

        [Parameter(Mandatory = $true)]
        $User,

        [Parameter(Mandatory = $true)]
        [validateSet("Author","Reviewer","Contributor")] #Find complete list of permission on https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxfolderpermission?view=exchange-ps
        $AccessRights
    )

    $ExcludeFolders = ":\Top of Information Store",":\Recoverable Items",":\Audits",":\Calendar Logging",":\Deletions",":\DiscoveryHolds",":\Purges",":\SubstrateHolds",":\Versions",":\Sync Issues",":\Yammer Root"
    $alias = (Get-Mailbox -Identity $Identity).alias
    
    Add-MailboxFolderPermission "$($alias):\" -User $User -AccessRights $AccessRights

    (Get-MailboxFolderStatistics -Identity $alias).Identity | Foreach-object {
        $folder = $_.replace("$alias\","$($alias):\")
        if ($folder.replace("$alias","") -notin $ExcludeFolders) {
            Add-MailboxFolderPermission $folder -User $User -AccessRights $AccessRights
        }
    }

}

Run the script to load the function and then use the commands below to grant the permissions according to your need

To grant read-only permission

#Reviewer : FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Reviewer

To grant the other type of permission

#Author : CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Author

#Contributor : CreateItems, FolderVisible
Add-PermissionOnAllMailboxFolders -Identity "Joe Dan" -User "Perry Brill" -AccessRights Contributor

Now you can add the mailbox to the user Outlook and access it content

The mailbox now appears in your outlook.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: