Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-16

Use the Set-MailboxFolderPermission cmdlet to update folder-level permissions for all folders within a user's mailbox. The cmdlet differs from the Add-MailboxFolderPermission cmdlet in that it edits an existing permission entry.

Syntax

Set-MailboxFolderPermission -Identity <MailboxFolderIdParameter> -AccessRights <MailboxFolderAccessRight[]> -User <MailboxFolderUserIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Mailbox folders" entry in the Mailbox Permissions topic.

Parameters

Parameter Required Type Description

AccessRights

Required

Microsoft.Exchange.Management.StoreTasks.MailboxFolderAccessRight[]

The AccessRights parameter specifies the permissions for the user with the following access rights:

  • ReadItems   The user has the right to read items within the specified folder.

  • CreateItems   The user has the right to create items within the specified folder.

  • EditOwnedItems   The user has the right to edit the items that the user owns in the specified folder.

  • DeleteOwnedItems   The user has the right to delete items that the user owns in the specified folder.

  • EditAllItems   The user has the right to edit all items in the specified folder.

  • DeleteAllItems   The user has the right to delete all items in the specified folder.

  • CreateSubfolders   The user has the right to create subfolders in the specified folder.

  • FolderOwner   The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can't read items, edit items, delete items, or create items.

  • FolderContact   The user is the contact for the specified folder.

  • FolderVisible   The user can view the specified folder, but can't read or edit items within the specified folder.

The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously:

  • None   FolderVisible

  • Owner   CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • PublishingEditor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • Editor   CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • PublishingAuthor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • Author   CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • NonEditingAuthor   CreateItems, ReadItems, FolderVisible

  • Reviewer   ReadItems, FolderVisible

  • Contributor   CreateItems, FolderVisible

The following roles apply specifically to calendar folders:

  • AvailabilityOnly   View only availability data

  • LimitedDetails   View availability data with subject and location

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter

The Identity parameter specifies the recipient and folder that you want to change the permissions for. This parameter takes the following format: <SMTP Address or Alias of Recipient>:<Folder path>. The following is an example: john@contoso.com:\Calendar

User

Required

Microsoft.Exchange.Management.StoreTasks.MailboxFolderUserIdParameter

The User parameter specifies who's granted permission to view or modify the folder contents of the user specified in the Identity parameter. The following values are acceptable:

  • Alias

  • SMTP address

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE 1

This example assigns permissions for Ed to access Ayla's Marketing mailbox folder and applies the Owner role to his access of that folder.

Copy Code
Set-MailboxFolderPermission -Identity ayla@contoso.com:\Marketing -User Ed@contoso.com -AccessRights Owner