none
Imported IPM subtree to regular mailbox FROM a public folder - permissions? RRS feed

  • Question

  • We do not do public folders in our environment.

    We imported a public folder data IPM subtree into a mailbox that would be accessed by multiple users.

    We had to give users FULL access mailbox rights to be able to open the IPM subtree data folders.

    How can we permission READ rights for this data as well as full rights?

    Wednesday, December 4, 2019 4:05 PM

Answers

  • Please use the following command to check the folder permission of the calendar or contacts under IPM_SUBTREE:

    get-MailboxFolderPermission <shared mailbox>:\IPM_SUBTREE\<folder name>

    I did the same test in my environment, but cannot reproduce your issue:

    You can try to create a new test user mailbox, grant the ReadItems permission to it, and check if the same issue occurs.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 24, 2019 7:49 AM
    Moderator

All replies

  • Hi,

    Is the mailbox you imported the pf data a user mailbox?

    Do you mean you want some users can have access to the specified mailbox only with read permission?

    If so, you can use the following command to grant access permission of the top mailbox folder. Then add ReadItems permission of some specified folders:

    Add-MailboxFolderPermission username:\ -user <username> -AccessRights ReadItems add-MailboxFolderPermission username:\Inbox -user <username> -AccessRights ReadItems

    With ReadItems permission, the user can read items within the specified folder. You can check this article for more information about AccessRights: Add-MailboxFolderPermission - AccessRights

    Here is my test result. I granted read permission of Inbox under user01 mailbox for user03:

    user03 can only read items under Inbox of user01 mailbox:


    If you can log into the mailbox with pf data, you can add the folder permission from Outlook directly. Right click the folder, choose Properties (click Folder Permission for root folder) and go to Permissions page:


    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, December 5, 2019 6:20 AM
    Moderator
  • Just checking in to see if above information was helpful. If you have any questions or need further help on this issue, please feel free to post back.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 10, 2019 11:07 AM
    Moderator
  • Lydia wonderful, but how did you get user03 to show up to begin with? auto-mapping through exchange via full permissions on the mailbox?

    or open user folder? what was your process? 

    Tuesday, December 10, 2019 4:19 PM
  • user03 is an ordinary user mailbox, user01 is a mailbox imported with public folder data. 

    This is my test environment, so I know the password and log into user03 mailbox directly. I gave user03 folder permissions from user01, then I logged into user03 mailbox to check if the commands works.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, December 11, 2019 1:08 AM
    Moderator
  • Ok, so i did exactly as you suggested. made sure my user03 (end user account trying to access the PFM data in user01) has reviewer rights on the top / of the store and /inbox for user01.

    i can see this is the case in powershell.

    I'm wondering how you are adding the user01 account as a secondary account unless you give them full mailbox permissions to be ABLE to view the pfm folder structure?

    if you give full permissions, that defeats the goal, no?

    Friday, December 13, 2019 6:16 PM
  • We can open the user01 mailbox manually from Outlook.

    1. I used the first command to grant access permission of the top mailbox folder to user03. User03 just needs ReadItems permission to see the top folder of user01:

    Add-MailboxFolderPermission username:\ -user <username> -AccessRights ReadItems

    2. Then we can add user01 for user03 from Outlook. File > Account Settings > Change Account > More Settings > Advanced > Add an additional mailbox:

    3. Then we can see user01 mailbox, and we can only see the top folder since the permission.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 17, 2019 7:32 AM
    Moderator
  • Ok, that actually worked for adding the mailbox, but the permissions are not working.

    Used "Add-MailboxFolderPermission username:\ -user <username> -AccessRights ReadItems"

    as the only permission for the user, and the user is able to add calendar and contact entries within the IPM structure.


    Tuesday, December 17, 2019 7:40 PM
  • Do you mean user03 can add calendar and contact entries in mailbox user01?

    It's strange, since user03 should only have the read permission of user01 top folder. If it's convenient, can you explain with more details about how to add calendar and contact entries? Then I will do more tests in my environment.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, December 19, 2019 8:58 AM
    Moderator
  • yes, that is correct, cal and contacts can be added though only read to the top of the info store. i added them the same way i just confirmed with you. 

    least privileges.

    first image, these contacts and calendars i can add items no problem.

    second image highlighted folders cannot add contacts and cal entries below:

    <style><br _moz_dirty="" /></style>

    Friday, December 20, 2019 9:52 PM
  • Please use the following command to check the folder permission of the calendar or contacts under IPM_SUBTREE:

    get-MailboxFolderPermission <shared mailbox>:\IPM_SUBTREE\<folder name>

    I did the same test in my environment, but cannot reproduce your issue:

    You can try to create a new test user mailbox, grant the ReadItems permission to it, and check if the same issue occurs.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 24, 2019 7:49 AM
    Moderator
  • It's great that you get useful information in our forum. Here is a brief summary about this thread. Hope more people can get help from it.

    Request:

    We imported a public folder data IPM subtree into a mailbox that would be accessed by multiple users.

    We had to give users FULL access mailbox rights to be able to open the IPM subtree data folders.

    How can we permission READ rights for this data as well as full rights?

    Solution Summary:

    You can use the following command to grant access permission of the top mailbox folder. Then add ReadItems permission of some specified folders:

    Add-MailboxFolderPermission username:\ -user <username> -AccessRights ReadItems add-MailboxFolderPermission username:\Inbox -user <username> -AccessRights ReadItems

    With ReadItems permission, the user can read items within the specified folder. 

    We can add the target mailbox from Outlook. File > Account Settings > Change Account > More Settings > Advanced > Add an additional mailbox.

    You also can use the following command to check the folder permission of the calendar or contacts under IPM_SUBTREE:

    get-MailboxFolderPermission <shared mailbox>:\IPM_SUBTREE\<folder name>

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, December 31, 2019 6:32 AM
    Moderator