When you are granting access for one user to access another mailbox, whether that be another user’s mailbox or a shared mailbox, you can configure the access using either mailbox permissions or mailbox folder permissions. The two approaches are suitable for different scenarios.
Mailbox permissions are used to grant access to an entire mailbox. Every folder within the mailbox, whether it be the Inbox, Calendar, or Contacts, allows the same level of access, when mailbox permissions are used.
The access granted through mailbox permissions is “Full Access”, meaning that the user can read, write, edit, create, delete, and so on.
When you assign mailbox permissions, you have the option to enable or disable auto-mapping. Auto-mapping will automatically connect Outlook users to mailboxes that they have been granted mailbox permissions to. This happens through Autodiscover, and Auto-mapping is enabled by default. When you grant a user mailbox permission to another mailbox you can optionally disable auto-mapping, in which case the user needs to manually open or add the mailbox to their Outlook profile.
However, Auto-mapping only works if you grant mailbox permissions to a user directly. If you grant mailbox permissions to a security group that the user is a member of, they’ll get access to the mailbox but auto-mapping won’t work at all.
- How to Grant Full Mailbox Access for a User
- How to List All Users Who Have Access to Other Exchange Mailboxes
- Exchange Best Practices: Administrator Access to User Mailboxes
- Unexpected Permissions Appearing on Exchange Server Mailboxes
- Removing an Auto-Mapped Mailbox from Outlook
Mailbox Folder Permissions
Mailbox Folder Permissions grant access to specific mailbox folders only. So if you grant a user permissions to the Inbox, they won’t get access to the Calendar as well.
Mailbox Folder Permissions can actually be configured by the mailbox owner themselves using Outlook. But administrators can do it as well, and are usually asked to handle it for the users anyway, especially for shared mailboxes.
When you use mailbox folder permissions, there’s a lot more control for the level of access granted. You can grant full access, or editor access, or reviewer access (which is like Read Only access). It’s not an all or nothing approach.
As a potential downside though, when you configure mailbox folder permissions, auto-mapping is not used at all. Users will always need to manually add mailboxes to their Outlook profile, if their access has been granted using mailbox folder permissions.
A common usage of mailbox folder permissions is granting read-only access to a specific mailbox folder. This can be achieved by granting a user the Reviewer role for the folder. Reviewer allows read access to the mailbox folder items, but no other access (e.g. the user can’t create items or delete existing items).