Manage Full Access Permissions
Applies to: Exchange Server 2010
Use the Manage Full Access Permission wizard to grant Full Access permissions to users or groups for a selected mailbox. You can also use this wizard to remove Full Access permissions from users or groups.
When you grant the Full Access permission to another user for a mailbox, that user will be able to log on to the mailbox and access its entire contents.
Granting Full Access permissions doesn't grant the right to send mail as the selected mailbox. To grant Send As permissions, see the following topics:
Looking for other management tasks related to mailbox permissions? Check out Permissions to Manage Mailbox Servers.
What Do You Want to Do?
- Use the EMC to manage full access permissions for a mailbox
- Use the Shell to manage full access permissions for a mailbox
Use the EMC to manage full access permissions for a mailbox
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.
In the console tree, click Recipient Configuration.
In the result pane, select a recipient. You can manage Full Access permissions for the following recipient types:
- Discovery mailboxes
- User mailboxes
- Resource mailboxes
In the action pane, click Manage Full Access Permission.
On the Manage Full Access Permission page, select the users or groups to which you want to grant the Full Access permission or from which you want to remove the permission.
Add Click this button to open the Select User or Group dialog box. Use this dialog box to select the users or groups to which you want to grant the Full Access permission.
Select a user or group, and then click this button to remove the Full Access permission from that user or group.
Important
By default, every mailbox has the security principal NT AUTHORITY\SELF listed. This security principal represents the mailbox owner. If you revoke the Full Access permission from this security principal, the mailbox owner is no longer able to log on to the mailbox.
On the Completion page, review the following, and then click Finish to close the wizard:
- A status of Completed indicates that the wizard completed the task successfully.
- A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.
Click Finish close the wizard.
Use the Shell to manage full access permissions for a mailbox
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Permissions and delegation" entry in the Mailbox Permissions topic.
This example grants user Ted Bremer full access to user Ellen Adam's mailbox.
Add-MailboxPermission -Identity "Ellen Adams" -User TedBrem -AccessRights Fullaccess -InheritanceType all
This example removes user John Peoples' full access permissions to user Ayla Kol's mailbox.
Remove-MailboxPermission -Identity Ayla -User 'JPeoples' -AccessRight FullAccess -InheritanceType All
For detailed syntax and parameter information, see Add-MailboxPermission.