In some cases, you may find it useful to provide access to a single folder in a mailbox. Perhaps a user needs access to a particular customer folder in your shared mailbox for support cases. Or a user has a project folder that needs to be shared with team members.
This post will show how to grant new access to an individual folder in a mailbox using the Add-MailboxFolderPermission PowerShell command.
To modify existing mailbox folder permissions, you must use the Set-MailboxFolderPermission PowerShell command.
In the last section, we’ll look at how to delegate mailbox folder access using OWA or the Outlook client.
How to Configure Calendar Permissions with AD Users & Computers
With Easy365Manager, you can configure calendar permissions in just a few seconds directly from AD Users & Computers:
Easy365Manager is a snap-in to AD Users & Computers that allows you to consolidate AD and Office 365 administration.
With Easy365Manager, you can save a lot of time and easily remove your Exchange on-premises server.
Check out the features and download the 30-day trial.
Mailbox Folder Permissions Using PowerShell
Use the Add-MailboxFolderPermission PowerShell command to grant permission to access a mailbox folder. The below example shows you how:
Connect-ExchangeOnline
Add-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse -User hans.schjellerup@observatory.dk -AccessRights Owner
Disconnect-ExchangeOnline
Start by establishing a connection with Exchange Online (line 1 – 3).
Grant access to the mailbox folder using the Add-MailboxFolderPermission command (line 4).
End your Exchange Online session when done (line 5). If you don’t explicitly close the session you risk depleting the number of available sessions.
To verify that the new folder permissions have been set, use the Get-MailboxFolderPermission command:
PS C:\> Get-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse | ft Identity,User,AccessRights Identity User AccessRights -------- ---- ------------ Ole Roemer:\IoEclipse Default {None} Ole Roemer:\IoEclipse Anonymous {None} Ole Roemer:\IoEclipse Hans Schjellerup {Owner}
To remove the delegated access again use the Remove-MailboxFolderPermission PowerShell command:
Remove-MailboxFolderPermission -Identity ole.roemer@observatory.dk:\IoEclipse -User hans.schjellerup@observatory.dk
Mailbox Folder Access – Roles and Permissions
When giving access to a mailbox folder you can either grant a role, which is a collection of permissions, or you can grant individual permissions.
The following types of Mailbox Folder Roles exist:
Mailbox Folder Roles
Role Name | Permissions Included in Role |
---|---|
Author | CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems |
Contributor | CreateItems, FolderVisible |
Editor | CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems |
None | FolderVisible |
NonEditingAuthor | CreateItems, FolderVisible, ReadItems |
Owner | CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderContact, FolderOwner, FolderVisible, ReadItems |
PublishingEditor | CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible, ReadItems |
PublishingAuthor | CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems |
Reviewer | FolderVisible, ReadItems |
AvailabilityOnly | (Calendar only) View only availability data |
LimitedDetails | (Calendar only) View availability data with subject and location |
The individual permissions and the type of access they grant are listed in the following table:
Mailbox Folder Permissions
Permission Name | Type of Access |
---|---|
CreateItems | The user can create items within the specified folder. |
CreateSubfolders | The user can create subfolders in the specified folder. |
DeleteAllItems | The user can delete all items in the specified folder. |
DeleteOwnedItems | The user can only delete items that they created from the specified folder. |
EditAllItems | The user can edit all items in the specified folder. |
EditOwnedItems | The user can only edit items that they created in the specified folder. |
FolderContact | The user is the contact for the specified public folder. |
FolderOwner | The user is the owner of the specified folder. The user can view the folder, move the folder and create subfolders. The user can’t read items, edit items, delete items or create items. |
FolderVisible | The user can view the specified folder, but can’t read or edit items within the specified public folder. |
ReadItems | The user can read items within the specified folder. |
Mailbox Folder Permissions Using Outlook (Client & Web)
You can also use OWA or the Outlook client to configure mailbox folder permissions. Right click the folder, select permissions and edit the permissions in the new window, like so:


Summary
We hope you now have a good overview of the structure of mailbox folder permissions and how to configure it.
If you want more inspiration on PowerShell scripting or Office 365 Management please have a look at our blog.
If you want to save lots of hours on your weekly Office 365 user, mailbox and license administration AND get rid of your on-premises Exchange Server, have a look at Easy365Manager. It’s available as a fully functional 30 day trial.