Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

This topic explains how to grant Full Access permission for a mailbox or Receive As permission for a mailbox database.

When you grant a user Full Access permission to a mailbox, that user has full access to only the mailbox for which the permissions are applied. With Full Access permission, the user can open and read the contents of the mailbox.

Important:
In Exchange 2010 Service Pack 1 (SP1), Outlook 2007 and Outlook 2010 clients automatically map to any mailbox to which a user has Full Access permissions. If a user is granted Full Access permissions to another user's mailbox or to a shared mailbox, Autodiscover automatically loads all mailboxes to which the user has full access. If the user has full access to a large number of mailboxes, performance issues may occur when starting Outlook. For example, in some Exchange organizations, administrators have full access to all the mailboxes in the organization. In this case, upon starting, Outlook attempts to open all mailboxes in the organization. Users can’t control this behavior and have no way to turn it off.

However, the user can't send mail as that mailbox without additional permissions. For information about granting Send As permission, see Manage Send As Permissions for a Mailbox.

When you grant a user Receive As permission to a mailbox database, that user can log on to all mailboxes within that database, but can't send mail from those mailboxes. For example, you may want to grant access to the mailbox database for mobile access or for legal review.

Full Access or Receive As permissions aren't granted until the Microsoft Exchange Information Store service caches the permissions and updates the cache. To grant the permissions immediately, stop and then restart the Microsoft Exchange Information Store service.

Use the EMC to grant Full Access permission for a mailbox

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.

  1. In the console tree, navigate to Recipient Configuration > Mailbox.

  2. In the result pane, select the mailbox for which you want to grant Full Access permission.

  3. In the action pane, under the mailbox name, click Manage Full Access Permission. The Manage Full Access Permission wizard opens.

  4. On the Manage Full Access Permission page, click Add.

  5. In Select User or Group, select the user to which you want to grant Full Access permission, and then click OK.

  6. Click Manage.

  7. On the Completion page, the Summary states whether Full Access permission was successfully granted. The summary also displays the Shell command used to grant Full Access permission.

  8. Click Finish.

Use the Shell to grant Full Access permission for a mailbox

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.

This example grants the user Ayla Kol Full Access permission to Chris Ashton's mailbox.

Copy Code
Add-MailboxPermission "Chris Ashton" -User "Ayla Kol" -AccessRights FullAccess

For detailed syntax and parameter information, see Add-MailboxPermission.

Use the Shell to grant Receive As permission for a mailbox database

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.

Note:
You can't use the EMC to grant Receive As permission for a mailbox database.

This example grants the user Ayla Kol Receive As permission for mailboxes on mailbox database DB01. Ayla will be able to log on to every mailbox on that database.

Copy Code
Add-ADPermission -Identity "DB01" -User "Ayla" -ExtendedRights Receive-As

For detailed syntax and parameter information, see Add-ADPermission.