2

Let me preface this with ... I am not a MS Exchange Administrator (I have worked with Lotus Domino/Notes in the past so that's my background). So my terminology might be off.

I want to connect to our MS Exchange servers using EWS. Our company security team is making this rather difficult and doesn't want my service to have "super rights" to be able to write to anyone's calendar. (Fair enough) Therefore my question is ... Is there a role that allows a a super user rights to a person's calendar without being able to look at or modify anything else for that user? Or might there be another way to impersonate the user I need to add a calendar item for.

Goal Clarification:
My goal would to be create a standalone java web service that can be called, by any of our applications. This would be an asynchronous process that would add Meetings to a person's calendar. The problem is authentication. If i have a standalone service I not logged in as anyone. So in order to use EWS I would need to provide some sort of credentials. The user account I would be using would need to be able to touch each user's calendar. Our security team sees this as a risk and would giving my service access to much vital information.

To restate my question: Can my service only have access to a people's calendars? Or does giving my service access to Exchange to change a everyone's calendar, does that also give me access to everything else for that user? (Hopefully this clears the mud.) (This is why I asked the question if there was a role within MS Exchange that would allow for this.)

Again I'm wanting to know from an Administrator/Security point of view. I'll figure out the programming later.

jtoepfer
  • 131
  • 3
  • 1
    Can you have the admin create an account, and periodically run a script to add permissions to each users calendar for that account? eg [Add-MailboxFolderPermission](http://technet.microsoft.com/en-us/library/dd298062\(v=exchg.150\).aspx) – Zoredache Feb 26 '14 at 18:04
  • What is it you are wanting to do via EWS and their calendars? Why the need for "super user" rights to their calendars as you call it? – TheCleaner Feb 26 '14 at 18:57
  • So what I want to do with EWS is to add Meeting/Appointments on user's calendars via our in house custom software. – jtoepfer Mar 21 '14 at 12:14

1 Answers1

1

Yes - Your service account can be given whatever set of permissions (owner, editor, author, contributor, reviewer, free/busy time, etc) you request.

This will have to be done against every calendar folder (generally, just the default calendar for each user.) This can easily be done with a one-liner of POSH and should also be folded into the account-creation process so that it takes effect on new accounts.

I don't see any management roles that pertain to calendars, so I don't believe this is something that you can simply do once in a central place. You'll need to do this per calendar.

mfinni
  • 36,144
  • 4
  • 53
  • 86
  • Is a person's MS Exchange calendar contain separate permissions from their mail? And what permissions would my service account need in order to put a Meeting/Appointment on a person's calendar? – jtoepfer Mar 21 '14 at 12:29
  • Every folder can have different permissions, just like files /folders and ntfs permissions. – mfinni Mar 21 '14 at 12:36