Skip to main content

Delegating mailbox permissions

The following pseudo attribute is supported to allow the owner of a mailbox to delegate permissions for access for their mailbox to another user:

  • PERM_PermissionAction

  • Permissions:

    • FA - FullAccess

    • EA - ExternalAccount

    • DI - DeleteItem

    • RP - ReadPermission

    • CP - ChangePermission

    • CO - ChangeOwner

    • SA - SendAs

  • Inheritance Type:

    • All

    • Children

    • Descendants

    • None.

    • SelfAndChildren

These options must be set in the same form and fashion as you would set them using Add-MailboxPermission from the Exchange Management PowerShell console.

Examples

The attribute may be submitted in the following format:

  • Grant ReadPermission and remove FullAccess for the user admin1:

    "{grant=admin1@scom.local;mask={RP;-FA;};flags={InheritanceType=All;}}"

  • Deny ReadPermission for the user admin1.

    "{deny=admin1@scom.local;mask={RP;};flags={InheritanceType=All;}}"

  • Remove all permissions granted to the user admin1.

    "{remove=admin1@scom.local;}"

  • Replace existing permissions for the user admin1.

    "{grant=admin1@scom.local;mask={RP;};flags={InheritanceType=All;}replace;}"

In this section: