3. Sharing Policies
Organization relationships allow for sharing of availability information between organizations. Sharing
polices enable your users to share calendar and/or contact information
on a person-to-person basis with external users in other federated
Exchange Server 2010 organizations. This is independent of organization
relationships, and requires the participation and consent of both users
(the user in your organization and the external user the information is
being shared with).
Having a federation trust in place is a prerequisite to using sharing policies; although sharing
policies can be defined without a federation trust, they have no effect
without the trust. A sharing policy is comprised of the external
domains to share information with, the level of detail allowed to be
shared, and the mailboxes the policy is applied to.
You can identify various levels of detail to share with the specified domains:
Calendar sharing with free/busy information only
Calendar sharing with free/busy information, plus subject and location
Calendar sharing with free/busy information plus subject, location, and body
Contacts sharing
Calendar sharing with free/busy information only, Contacts sharing
Calendar sharing with free/busy information, plus subject and location; Contacts sharing
Calendar sharing with free/busy information plus subject, location, and body; Contacts sharing
Figure 8
shows a policy being created for Contoso users to share complete
Calendar information as well as Contacts with fabrikam.com users.
After you define the sharing
policy, you assign it to the appropriate users. If a user is not
assigned a specific sharing policy, the default sharing policy applies
to that user. One sharing policy must always be designated as the
default policy.
Users can create a sharing
invitation in Outlook 2010 or OWA and define the level of detail to
share with the external user up to the level allowed by the sharing
policy assigned to them. For example, if the sharing policy assigned
allows "Calendar sharing with free/busy information, plus subject and
location" with fabrikam.com, the user can either share only her
availability, or share limited details with users from fabrikam.com;
she will not be able to share the body of calendar entries or Contacts
with fabrikam.com users.
Only one sharing policy can be assigned to any one user, although a sharing policy can include numerous domain and action pairings. In addition, a sharing policy can include the * domain definition, which means that the action defined applies to all domains, unless a more specific domain and action pairing is defined in the same policy.
Note:
To
disallow any person-to-person sharing for particular users, simply
disable the sharing policy assigned to those users. Disabling the
default sharing policy disallows person-to-person for all users except
those assigned other policies that are still enabled.
4. Interaction of Permissions, Organization Relationships, and Sharing Policies
Because federated
delegation is a new topic for most Exchange Server 2010 administrators,
let's examine the relationship between Calendar permissions (the Access Control List, or ACL, on the user's default Calendar), sharing policies, and organization relationships.
An important point to keep in
mind is that any organization relationships in place honor the
permissions defined for the default entry in your calendar's
permissions dialog. That is, if the default entry is changed from the
standard Free/Busy time setting to None, neither external nor internal
users will see your free/busy information.
To enable free/busy information sharing
with another organization at the organization level, both organizations
must have a valid federation trust in place. In addition, the
organization that is sharing
free/busy information must have an organization relationship configured
for the SMTP domain of the organization free/busy information is to be
shared with. In a case where recipients for your organization are
defined in the GAL of the external organization, you need to work with
the administrators of that organization to make sure that those
recipients have the correct target address set because Exchange uses
the target address of an external recipient to find the organizational
relationship. To provide for two-way sharing, both organizations must have applicable organization
relationships in place. This offers sharing of free/busy information
only, providing that information which is available via the
availability service.
In contrast to an organization relationship, where access is determined by the permissions defined for the default entry in your calendar's permissions
dialog, when you share your calendar with an external user via a
sharing invitation, a unique entry for that user is added to the ACL
for your Calendar, as shown in Figure 9. As this behavior implies, access is still ultimately controlled by the permissions set on the calendar.
However, the primary
difference between organization relationships and sharing policies is
that whereas organization policies provide access to the Availability
service between organizations, sharing policies provide the ability for
end users to share their Calendars and/or Contacts in a person-person
relationship. The level of detail they can share is determined by the
sharing policy applied to their mailboxes. When sharing of a Calendar
or Contacts folder has been set up, that folder is synchronized to a
folder in the mailbox of the person you shared the Calendar or Contacts
with.