locked
Unable to move items but don't delete privileges with custom mailboxfolderpermissions RRS feed

  • Question

  • Hi there

    I need to set some custom permissions on folders in a shared mailbox. I have tried using a variety of roles available in the add-mailboxfolderpermission cmdlet but I need to turn my attention to a custom set of privileges since I need for example to allow creating subfolders but not allowing deletions. Once you pass the NonEditingAuthor role this isn't possible any longer

    Reference: http://technet.microsoft.com/en-us/library/ff522363(v=exchg.150).aspx

    In short, I need a set of privileges that allow me to read and write to all items and one set to do the same + make deletions. But it seems that behind the scene when you move an item to another folder for example, Exchange copies this item and then deletes it. Hence if you don't have the delete privilege you'll get a nice error message that this isn't possible and your item will get copied but not deleted.

    It doesn't seem to matter if you give deleteownitems or deleteallitems, once you have the permission you can delete any message in the box.

    So it seems I end up with the question: or give delete privileges or don't be able to move items. Am I missing something? Is this possible after all with a mix of privileges?

    For reference, this is the set of privileges that I used: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems. This will end up you not being able to delete anything as I'm trying to do but you won't be able to move any item. Adding DeleteAllItems makes you do that but obviously also delete any other item.


    • Edited by .Dennis Friday, October 10, 2014 9:39 AM
    Friday, October 10, 2014 9:38 AM