This is a tutorial on how to add calendar permissions in Office 365 for your users via Powershell. You can add permissions onto a specific mailbox, or you can add it onto a security group.
By default, Exchange (and Office 365) users can’t view messages or calendar items of other users. The only permission that is provided to all users by default is the ability to view free/busy information in the calendar of other users (AvailabilityOnly role).
Office 365 Calendar Permissions
Step 1
The first is step is to launch Windows PowerShell. We recommend running it as Administrator.
Step 2
Run the following command to login to 365 via Powershell and login with your Office 365 admin credentials:
$LiveCred = Get-Credential
Step 3
Now you need to create a new session:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection
Step 4
Now you need to import the Office 365 session:
Import-PSSession $Session
Step 5
You can view current calendar permissions of the specified mailbox by using following:
Get-MailboxFolderPermission username:\calendar
As you can see by default on a calendar folder assigned only AvailabilityOnly role.
You can get the list off all user’s calendars default permissions using the following command:
Get-Mailbox –database mbxdbname| ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRightsStep 6
You can use these available access roles:
- Owner — read, create, modify and delete all items and folders. Also this role allows manage items permissions;
- PublishingEditor — read, create, modify and delete items/subfolders;
- Editor — read, create, modify and delete items;
- PublishingAuthor — read, create all items/subfolders. You can modify and delete only items you create;
- Author — create and read items; edit and delete own items NonEditingAuthor – full read access and create items. You can delete only your own items;
- Reviewer — read only;
- Contributor — create items and folders;
- AvailabilityOnly — read free/busy information from calendar;
- LimitedDetails;
- None — no permissions to access folder and files.
Step 7
Now run the following command. In the example below, user2 would be able to open user1 calendar and edit it:
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor
If you need to change the Default permissions for the calendar folder (in order to allow all users view calendar of the specified user), run the command:
Set-MailboxFolderPermission -Identity user1@domain.com:\calendar -User Default -AccessRights Reviewer
In some cases, you need to grant Reviewer permissions on a calendar folder in all mailboxes to all users in your Exchange organization. You can make this bulk permission change using simple PowerShell script. To change Default calendar permission for all mailbox in mailbox database to Reviewer:
Get-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}To remove permission use Remove-MailboxFolderPermission cmdlet:
Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.com
Now you can disconnect from Office 365 your session:
Remove-PSSession $Session
Alternative Script
Also see this 365 script for setting calendar permissions: Set Calendar Permission in Office 365 Exchange Online.
If the above information helped you, make sure to check out our official Office 365 Migration Guide.
I am getting the error that the [FailureCategory=Cmdlet-UserAlreadyExistsInPermissionEntryException]
I am pretty sure they tried to setup sharing themselves and they have away/busy information only. Do you know of a way to change the permissions or remove them so I can add the PublishingEditor permissions they need?
Thanks, this is very helpful! (Jason’s comment about Use Set-MailboxFolderPermission for existing users was also helpful.)
A couple things to add:
– “None” is also an available role
– You can specify “Default” for the user parameter
Awesome! Thanks!
Is there an option to set everyones mailbox to reviewer access? i.e so everyone can have review access?
Great info
Is it possible to use a group ( security / distribution ) to assign permissions rather than individual users ? We are looking at our resource calendars to do this on
Hey, Daniel!
Create new security distribution group:
New-DistributionGroup -Type Security -Name “Access to Resource Calendars” -Alias “grResourceCalendAcess”
And add users to this group.
Grant permissions to resource calendar:
add-MailboxFolderPermission -Identity user_name:Calendar -User grResourceCalendAcess -AccessRights Owner
Hey
Awesome! Thanks for the reply!
Cheers
Daniel
STEP 2: Connecting to remote server failed…..
I get an error when trying Import-PSSession $Session. It says “The term ‘Import’ is not recognized as the name of a cmdlet…etc.”
This is quite archaic. Is there no way to do this through the admin portal?