Exchange 2007/2010: Assigning permissions for public folders

by

Permissions for public folders can also be conveniently assigned using Powershell. This is how it's done:

On the Exchange Management Shell, the CMDlet "Add-PublicFolderClientPermission" is responsible for assigning permissions. The syntax is as follows:

Add-PublicFolderClientPermission -Identity "\<name of the public folder" -User -AccessRights -Server "Server name on which the PF database is hosted"

Example:

Add-PublicFolderClientPermission -Identity "\Kontakte" -User frank -AccessRights Owner -Server "EXSRV"

The "AccessRights" parameter specifies which rights or which role the user should be assigned. In the example above, user "Frank" is assigned the "Owner" role.

These authorizations can be assigned:

  • ReadItems (Read items in the folder)
  • CreateItems (create elements)
  • EditOwnedItems (Edit own elements)
  • DeleteOwnedItems (Delete own elements)
  • EditAllItems (Edit all elements)
  • DeleteAllItems (Delete all elements)
  • CreateSubFolders (user can create subfolders)
  • FolderOwner (User may view and move the folder, but not read any items)
  • FolderContact (user is the contact for the folder)
  • FolderVisible (folder is visible, elements may not be read)

The roles each consist of a set of authorizations and assign several rights to a user:

  • Owner (CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
  • PublishingEditor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
  • Editor (CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
  • PublishingAuthor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems)
  • Author (CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems)
  • NonEditingAuthor (CreateItems, ReadItems, FolderVisible)
  • Reviewer (ReadItems, FolderVisible)
  • Contributor (CreateItems, FolderVisible)

With the help of "get-PublicFolderClientPermission" you can display the permissions of the users on a public folder:

Get-PublicFolderClientPermission -Identity "\Kontakte" -User Frank-Server "EXSRV" | Format-List

The authorizations or roles can be removed again with "remove-PublicFolderClientPermission":

Remove-PublicFolderClientPermission -Identity "\Kontakte" -User Frank -AccessRights Owner -Server "EXSRV"

1 thought on “Exchange 2007/2010: Berechtigungen für Öffentliche Ordner vergeben”

Leave a Comment