Configuring Mailbox Permissions
While a mailbox
is typically assigned only to the specific person using it, there are
times when there is a legitimate business need to grant other people
permissions to the mailbox. For example, if a manager is out of town and
without access to the network and needs her assistant to send a
proposal on her behalf to an external user. Or, if an account manager is
working on a deal just prior to going on vacation, and the sales
director needs to monitor the account manager’s mailbox in his absence
in case a message comes in related to the proposed deal.
Mailbox permissions
fall into two categories: being able to send e-mail on behalf of
someone and being able to access a mailbox in order to view, edit, or
create items. Granting Send On Behalf permissions can be done by the
administrator in the user’s properties in the Active Directory Users And
Computers console or by the user himself in the Outlook client. Both
methods accomplish the same thing, and when viewing the properties in
either location, you see the same settings. To grant Send On Behalf
permissions using the Active Directory Users And Computers console, open
the console and perform the following steps:
1. | Edit the user’s properties and click the Exchange General tab.
|
2. | Click Delivery Options, which displays the dialog box shown in Figure 19.
|
3. | When you click Add, you are presented with the standard Active Directory object selection dialog box, like that shown in Figure 7-15.
Type in the name of the user you want to grant Send On Behalf
permission to, and click OK. You will see that user’s name in the Grant
This Permission To field.
|
Granting mailbox
rights can also be performed by the administrator in the Active
Directory Users And Computers console or by the user himself through the
Outlook client. However, rights granted through the Active Directory
Users And Computers console do not have the same level of granularity
that rights granted through Outlook have. Through Outlook, mailbox
rights can be granted to a specific folder. For example, if an assistant
needs to set appointments in her manager’s calendar, you do not have to
give her permissions that would let her view the manager’s Inbox.
Through the Active Directory Users And Computers console, the rights you
can apply relate only to being able to view or modify permissions or to
grant full mailbox access to a user account.
To grant mailbox
rights using the Active Directory Users And Computers console, open the
console and perform the following steps:
1. | Edit the user’s properties and click the Exchange Advanced tab.
|
2. | Click Mailbox Rights, which displays the dialog box shown in Figure 20.
|
3. | You
can modify rights or add additional users and grant them rights.
Permission check boxes that are unavailable are inherited permissions
that cannot be modified here.
|
Granting permissions in Outlook is a straightforward process, as follows:
1. | Right-click the folder you want to grant permission to, such as your calendar, and click Properties.
|
2. | Click the Permissions tab, which displays a dialog box similar to that shown in Figure 21.
|
3. | When
you click Add, you are presented with the GAL, from which you can
select all of the users who you want to have permission to this folder.
Once you select them and click OK, you will see them appear in the
permissions list.
|
4. | Users
are given the permission level equal to what is initially set for
default, and you then configure the permissions on an individual basis.
This is another instance when it can make sense to utilize group
permissions rather than multiple individuals.
|
Tip
If
a user grants permissions to a folder in Outlook, there are two ways
that folder can be opened. The first way is by clicking File, selecting
Open, and then selecting Other User’s Folder. The second way is to add
the mailbox to the profile from the Tools menu and selecting E-Mail
Accounts. If the user needs to add the other user’s mailbox to their
profile in order to view a folder, such as a calendar, it is required
that they have full permission at the mailbox level and then the
designated permissions at the folder level. If the user is granted
permissions only at the folder level, they will be able to add the
mailbox to their profile but they won’t be able to navigate to the
folder. |