How to Set Permissions if you are the Owner of a Shared Mailbox or Calendar

Issue: 

Owner of a shared mailbox grants access to the mailbox by using these instructions

A user states they have access to a mailbox but can't seem to add the mailbox to their Outlook client. 

The user states the owner just granted access to the mailbox. 

First contact the owner of the mailbox and confirm the permissions are set correctly by following the directions below.

Environment:

Outlook 2016

Outlook 365

 

Resolution:

 

Set permission;  

1)  In the bottom left corner of Outlook select the Envelope, then the ... then Folders,  this will change the left side view of your Outlook, showing all the folders you have permissions to view.

2)  At the Top Level of the mailbox Right Click and select Data File Properties

 

 

3)  Select the Permissions Tab, select Add…, and add all the users who need to have access.  At the Top Level of the mailbox the Permission Level needs to be Reviewer for everyone.  Press OK when finished.

 

4)  1) select the name that was added,  At the Top Level of the mailbox the Permission Level needs to be 2) Reviewer for everyone.  3) Press OK when finished.

5)  Next, grant permission at the other folders; Inbox, Calendar or any other folder the procedure is the same.  1) Right Click the folder and select Properties.

6) Select the Permissions Tab, select Add…, and add all the users who need to have access.  At this level of the mailbox the Permission Level needs to be specific for that individuals roll in your environment.  For example: Reviewer (can read items), Author (can read and create items), Editor (can read, create items, and modify items) and the Delete Items area; you might not want them to be able to delete all or only delete their own.  Press OK when finished.

Cause:

Most often, when the user is not able to connect to a shared mailbox it is a permission issue.    Confirm the permission with the client;

  1. Connect to the client computer and follow the steps in this KB article
  2. Confirm the top level only has reviewer permissions for everyone
  3. Confirm each folder has the permission needed for someone to connect, the permission does not propagate down to other folders. 
  4. In Calendar permissions make sure the Delete Items is set to what the user who is connecting needs, not everyone needs Delete All
  5. If the client is a MAC, clear the KeyChain of any passwords and start over.
  6. Do not set permissions through the Delegate Access area.  Delegate Access is for setting Send on Behalf permission in a shared mailbox
  7.  The next thing to look at is conflict; Conflicts could happen because they are an owner (on the server side of a mailbox) but they are added in the outlook directory structure with different or same permissions.  This can cause a conflict because, if they are an owner, on the server side, they should not be added to the outlook directory structure at all. 

Notes:

  • Granting owner permissions to a mailbox does not grant permission to Send As or Send on Behalf of the mailbox.  That is a separate Service Request
  • If a user has been granted owner permissions on a mailbox by IMS, this will not cause them to appear as an owner in the permissions tab in Outlook.  This is because the owner permission set by IMS on the server and the owner permission you see in Outlook are two separate permissions, and neither one knows about or is affected by the other.  If someone is granted owner permission in both places, and it is subsequently removed in one place, that person will still have owner access by virtue of the remaining permission.  For this reason, you should never grant owner permission to a mailbox in Outlook to a person who has been given owner permission to the mailbox by IMS.  More information here: https://uthscsa.teamdynamix.com/TDClient/2009/Portal/KB/ArticleDet?ID=91917