Add-MailboxFolderPermission

In some cases, you may find it useful to provide access to a single folder in a mailbox. Perhaps a user needs access to a particular customer folder in your shared mailbox for support cases. Or a user has a project folder that needs to be shared with team members.

This post will show how to grant new access to an individual folder in a mailbox using the Add-MailboxFolderPermission PowerShell command.

To modify existing mailbox folder permissions, you must use the Set-MailboxFolderPermission PowerShell command.

In the last section, we’ll look at how to delegate mailbox folder access using OWA or the Outlook client.

How to Configure Calendar Permissions with AD Users & Computers

With Easy365Manager, you can configure calendar permissions in just a few seconds directly from AD Users & Computers:

Easy365Manager is a snap-in to AD Users & Computers that allows you to consolidate AD and Office 365 administration.

With Easy365Manager, you can save a lot of time and easily remove your Exchange on-premises server.

Check out the features and download the 30-day trial.

Mailbox Folder Permissions Using PowerShell

Use the Add-MailboxFolderPermission PowerShell command to grant permission to access a mailbox folder. The example below shows how:

Connect-ExchangeOnline
Add-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse -User hans.schjellerup@observatory.dk -AccessRights Owner
Disconnect-ExchangeOnline

Start by establishing a connection with Exchange Online (line 1).

Grant access to the mailbox folder using the Add-MailboxFolderPermission command (line 2).

End your Exchange Online session when done (line 3). If you don’t explicitly close the session, you risk depleting the number of available sessions.

To verify that the new folder permissions have been set, use the Get-MailboxFolderPermission command:

PS C:\> Get-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse | ft Identity,User,AccessRights

Identity              User             AccessRights
--------              ----             ------------
Ole Roemer:\IoEclipse Default          {None}
Ole Roemer:\IoEclipse Anonymous        {None}
Ole Roemer:\IoEclipse Hans Schjellerup {Owner}

To remove the delegated access again, use the Remove-MailboxFolderPermission PowerShell command:

Remove-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse -User hans.schjellerup@observatory.dk

Mailbox Folder Access – Roles and Permissions

When giving access to a mailbox folder you can either grant a role, which is a collection of permissions, or you can grant individual permissions.

The following types of Mailbox Folder Roles exist:

Mailbox Folder Roles

Role Name         Permissions Included in Role
---------         ----------------------------
Author            CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Contributor       CreateItems, FolderVisible
Editor            CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
None              FolderVisible
NonEditingAuthor  CreateItems, FolderVisible, ReadItems
Owner             CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems
PublishingEditor  CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems
PublishingAuthor  CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Reviewer          FolderVisible, ReadItems
AvailabilityOnly  (Calendar only) View only availability data
LimitedDetails    (Calendar only) View availability data with subject and location

The individual permissions and the type of access they grant are listed in the following table:

Mailbox Folder Permissions

Permission Name   Type of Access
---------------   --------------
CreateItems       The user can create items within the specified folder.
CreateSubfolders  The user can create subfolders in the specified folder.
DeleteAllItems    The user can delete all items in the specified folder.
DeleteOwnedItems  The user can only delete items that they created from the specified folder.
EditAllItems      The user can edit all items in the specified folder.
EditOwnedItems    The user can only edit items that they created in the specified folder.
FolderContact     The user is the contact for the specified public folder.
FolderOwner       The user is the owner of the specified folder. The user can view the folder, move the folder and create subfolders. The user can’t read items, edit items, delete items or create items.
FolderVisible     The user can view the specified folder, but can’t read or edit items within the specified public folder.
ReadItems         The user can read items within the specified folder.
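The role table above can be turned into a review aid that expands each granted role into its individual permissions and flags broad grants. This is an added example, not code from the original post: the function name Get-RiskyFolderGrant, the choice of "high impact" permissions and the fourth sample row are assumptions made for illustration.

```powershell
# Role contents copied from the "Mailbox Folder Roles" table on this page.
$RolePermissions = @{
    Author           = 'CreateItems','DeleteOwnedItems','EditOwnedItems','FolderVisible','ReadItems'
    Contributor      = 'CreateItems','FolderVisible'
    Editor           = 'CreateItems','DeleteAllItems','DeleteOwnedItems','EditAllItems','EditOwnedItems','FolderVisible','ReadItems'
    None             = @('FolderVisible')
    NonEditingAuthor = 'CreateItems','FolderVisible','ReadItems'
    Owner            = 'CreateItems','CreateSubfolders','DeleteAllItems','DeleteOwnedItems','EditAllItems','EditOwnedItems','FolderContact','FolderOwner','FolderVisible','ReadItems'
    PublishingEditor = 'CreateItems','CreateSubfolders','DeleteAllItems','DeleteOwnedItems','EditAllItems','EditOwnedItems','FolderVisible','ReadItems'
    PublishingAuthor = 'CreateItems','CreateSubfolders','DeleteOwnedItems','EditOwnedItems','FolderVisible','ReadItems'
    Reviewer         = 'FolderVisible','ReadItems'
}
# Assumption of this example: these permissions are treated as high impact.
$HighImpact = 'DeleteAllItems','EditAllItems','FolderOwner'

# Hypothetical helper: takes Get-MailboxFolderPermission-style entries and
# returns only those that deserve a second look, with the reason attached.
function Get-RiskyFolderGrant {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        # Expand roles into individual permissions; names that are not roles pass through.
        $effective = @(foreach ($right in $Entry.AccessRights) {
            if ($RolePermissions.ContainsKey("$right")) { $RolePermissions["$right"] } else { "$right" }
        })
        $reasons = @()
        if (("$($Entry.User)" -in 'Default','Anonymous') -and ($effective -contains 'ReadItems')) {
            $reasons += 'Default/Anonymous can read items'
        }
        $high = @($effective | Where-Object { $_ -in $HighImpact })
        if ($high) { $reasons += 'High impact: ' + ($high -join ', ') }
        if ($reasons) {
            [pscustomobject]@{ Identity = $Entry.Identity; User = "$($Entry.User)"; Rights = $Entry.AccessRights -join ', '; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample input: the three rows shown earlier plus one made-up row.
$sample = @(
    [pscustomobject]@{ Identity = 'Ole Roemer:\IoEclipse'; User = 'Default';          AccessRights = @('None') }
    [pscustomobject]@{ Identity = 'Ole Roemer:\IoEclipse'; User = 'Anonymous';        AccessRights = @('None') }
    [pscustomobject]@{ Identity = 'Ole Roemer:\IoEclipse'; User = 'Hans Schjellerup'; AccessRights = @('Owner') }
    [pscustomobject]@{ Identity = 'Ole Roemer:\Inbox';     User = 'Default';          AccessRights = @('Reviewer') }  # made up
)
$sample | Get-RiskyFolderGrant | Format-Table -AutoSize -Wrap

# Against a live mailbox, inside a Connect-ExchangeOnline session:
# Get-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse | Get-RiskyFolderGrant
```

If the delegate only needs to read the folder, granting Reviewer instead of Owner keeps the entry out of the high-impact list.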

Mailbox Folder Permissions Using Outlook (Client & Web)

You can also use OWA or the Outlook client to configure mailbox folder permissions. Right-click the folder, select Permissions, and edit the permissions in the new window, like so:

[Screenshot: Calendar permissions and roles in Outlook]

Summary

We hope you now have a good overview of the structure of mailbox folder permissions and how to configure them.

If you want more inspiration on PowerShell scripting or Office 365 Management, please have a look at our blog.

If you want to save lots of hours on your weekly Office 365 user, mailbox and license administration AND get rid of your on-premises Exchange Server, have a look at Easy365Manager. It’s available as a fully functional 30-day trial.