0

I want to share other peoples Office 365 calendars with me, with different access rights for testing. I have Exchange admin rights so that I can poke around in the Office365 Exchange config.

With https://theitbros.com/add-calendar-permissions-in-office-365-via-powershell/ as inspiration and some help from https://social.technet.microsoft.com/Forums/office/en-US/d59a04ec-3d9d-40c1-8937-fedfba79b888/assigned-reviewer-access-rights-through-powershell-but-can-create-calendar-appointments?forum=Exch2016PS I have done the following

  • Start Powershell as admin
  • Log into Office365:
    $LiveCred = Get-Credential
  • Create a new session:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
  • Import the Office365 session:
    Import-PSSession $Session
  • Query the mailbox folder statistics with Get-MailboxFolderStatistics, but filter on 'identity':
    Get-MailboxFolderStatistics [email protected] | fl identity
    This shows names for these 'Identities' and tells me that the calendar in Dutch is called Agenda.
  • Update the permissions for those folders:
    Add-MailboxFolderPermission -Identity [email protected]:\Agenda -user [email protected] -AccessRights PublishingEditor
    Add-MailboxFolderPermission -Identity [email protected]:\Agenda -user [email protected] -AccessRights Editor
    Add-MailboxFolderPermission -Identity [email protected]:\Agenda -user [email protected] -AccessRights Reviewer

If I now verify the permissions with

Get-MailboxFolderPermission [email protected]:\Agenda
Get-MailboxFolderPermission [email protected]:\Agenda
Get-MailboxFolderPermission [email protected]:\Agenda

... I see access rights {PublishingEditor}, {Editor} and {Reviewer}:

enter image description here

However, in OWA (Outlook Web Access) I can still create appointments in b's calendar, where it says {Reviewer}.
What am I overlooking?

Improve this question

1 Answer 1

Reset to default
0

First: it looks like giving PublishingEditor gives you the rights needed to Create/Remove items. I suggest digging into AccessRights.. More here: https://social.technet.microsoft.com/Forums/en-US/105ccad6-4d36-4c6b-a2e1-8cc890fde9fb/addmailboxpermission-accessrights-definition?forum=exchangesvrgeneral

Specifically, this:

enter image description here

Second: Are you Dutch by any chance? I have never seen the ':\agenda' switch used before. From what I have found, only when using the Dutch language 'pack' should you use ':\agenda'.

Please try those same commands, but use ':\calendar' instead of ':\agenda'. I am not sure if this will have any affect, but it is a good start.

Found here: http://www.vdberge.com/kennisbank/a-quick-way-to-set-calendar-permissions-using-powershell/

Add-MailboxFolderPermission -Identity [email protected]:\Calendar -user [email protected] -AccessRights PublishingEditor, Editor, Reviewer

Third: it looks like the permissions you are assigning do not make sense. Please review access rights and the permissions that encompasses them.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Yes, the Dutch is specific. That's why I do the Get-MailboxFolderStatistic: to determine what the folder name is. It is not Calendar (that failed)
Gotcha. I agree this has nothing to do with the overall issue. I believe the overall issue has to do with the AccessRights. Giving someone PublishingEditor would allow someone to edit an agenda - this is expected behavior. The issue here is the rights you are assigning.
I can still create appointments in b's calendar, where it says {Reviewer}.
If you remove "Reviewer" permissions, are you still able to create appointments in B's calendar?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.