1

I have a service account that I want to be able to access another users calendar through the ews api in such a way that it can create appointments, update appointments they have created and delete appointments they have created but NOT be able to read all items on the users calendar.

This appears to be possible in office 365 (see screenshot) but is it possible with Exchange 2010? If so how?

enter image description here

Mark
  • 3,137
  • 4
  • 39
  • 76

1 Answers1

1

Sure the image you have posted is just the Folder permissions from Outlook these permission are the same from Exchange 2007 to Office365. The two ways you can set permission pro-grammatically like you have shown is first use one of the Mailbox Access API's like Mapi or EWS and set the Folder permission eg https://msdn.microsoft.com/en-us/library/office/dn641962(v=exchg.150).aspx

Or you can use the Exchange Management Shell and Add-MailboxFolderPermissions https://blogs.technet.microsoft.com/ilvancri/2009/11/24/exchange-2010-and-then-there-is-the-long-awaited-cmdlet-add-mailboxfolderpermission/ this can be a better approach as it just requires delegated admin rights via an RBAC role where setting the folder permission via EWS because it uses a User API would require the account setting those permissions to be the Mailbox owner, have been delegate Full Access rights on the Mailbox (eg add-mailboxpermission) or use Impersonation.

Glen Scales
  • 20,495
  • 1
  • 20
  • 23
  • Thanks for taking the time to reply. I do not need to set these programmatically just find a way to show the administrators of this 2010 exchange that the permissions I want are possible. They say they are not. In your second link the first screenshot shows the equivalent screen as my screenshot in 2010. They say that when they select none under the Read option that the other permissions are greyed out implying that to grant the other permissions Read is a necessity. Might there be any documentation proving this not to be the case? – Mark Aug 23 '16 at 14:51
  • On the primary Calendar Folder in a Mailbox you have FreeBusy permissions which (are the same on Office365 you have just posted an image from the Inbox folder). I would say that is where the confusion is between yourself and the admins is. The minimal read rights you can set on a Primary Calendar are Free/Busy which just gives the user access to FreeBusy (but no details). This is not the same as Reviewer and is equivalent to none. Just have FreeBusy will achieve the same rights as your trying you might just need to convince the admin that it doesn't mean you have Reviewer access. – Glen Scales Aug 24 '16 at 02:26