question

SebastianMusto-7309 avatar image
0 Votes"
SebastianMusto-7309 asked JeffYang-MSFT commented

Permissions on shared mailboxes

Good morning, I wanted to see if a shared mailbox could be configured as read-only, that is, no user can delete emails or a little more advanced that some users can delete and others cannot. Thanks

office-exchange-server-administration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

michev avatar image
1 Vote"
michev answered JeffYang-MSFT commented

Use folder-level permissions instead of Full Access. Add-MailboxFolderPermission is the cmdlet, or you can do it manually via Outlook/OWA if you prefer.

· 11
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the reply. And the permission so that they cannot delete emails as it would be?

Its neccesary configure the permission for each user?


Its neccesary configure the permission for each folder?

0 Votes 0 ·
michev avatar image michev SebastianMusto-7309 ·

You can configure them per user, group or "default". And yes, it needs to be set on each individual folder as necessary. Refer to the cmdlet help for more info: https://docs.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps

0 Votes 0 ·

Hi @SebastianMusto-7309

Agree with michev's suggestion. You can configure the Reviewer permission of each folder for Default users like below:

 Add-MailboxFolderPermission -Identity user01@contoso.com:\Inbox -User Default -AccessRights Reviewer

118117-image.png

0 Votes 0 ·
image.png (12.1 KiB)

Thanks to both of you for the reply.

I just tried it but it wouldn't work. I want to clarify that it is a shared mailbox, not a mailbox.

0 Votes 0 ·
michev avatar image michev SebastianMusto-7309 ·

What exactly doesnt work? The cmdlet supports shared mailboxes just fine.

0 Votes 0 ·

I do it manually via Outlook/OWA

118367-image.png



but the member of the shared mailbox still can delete mails

0 Votes 0 ·
image.png (33.9 KiB)
michev avatar image michev SebastianMusto-7309 ·

Check what other permissions they might have, including Full access permissions or individual folder-level entries (the Default entry only applies to users not listed otherwise).

0 Votes 0 ·

Hi @SebastianMusto-7309,

It has been a while, how is everything going? Have you ever check if there is any other permissions they might have addition to the Reviewer permission you granted?

I tried test in my Outlook and it could work fine like below, prompt for permission when trying to delete the messages in shared folder:

118826-image.png
118769-image.png

0 Votes 0 ·
image.png (22.1 KiB)
image.png (7.1 KiB)

Hi, I check that there were no other permissions besides the default for several members but they can still delete emails

Could it have something to do that we sync our AD and Exchange with AD Connect against Office365?

0 Votes 0 ·

Hi @SebastianMusto-7309,
As I know, that should not be related to your issue.
May I know what specific Exchange version are you using? And would you mind creating a fresh new shared mailbox and do the operations we mentioned above for test so that we could exclude possible factors as much as possible?

0 Votes 0 ·

Hi @SebastianMusto-7309,
It has been a while, how is everything going?
If you have any update about this issue, please feel free to post back.

0 Votes 0 ·