This is an interesting thing I've found with our Exchange 2010 implementation. You can grant a user ReadPermissions at the mailbox level ... and they can do absolutely nothing in the mailbox. What is the purpose of this setting? I can grant users read access at the folder level without this permission - why is it even there?

Maybe because it's part of the permissions template.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hello Willard, I think you cannot give a user read permissions at the mailbox level, you need to grant the permission at Folder level. Here is a related document about setup read only permission in Exchange 2007, you also can follow that way to do in Exchange 2010: How to: Setup Read Only Mailbox in Exchange 2003/2007 http://exchangeshare.wordpress.com/2009/07/07/how-to-setup-read-only-mailbox-in-exchange-20032007/ In Exchange 2010, you can use command "set-mailboxfolderpermission" or Exfolders to set permission on folders. Set-MailboxFolderPermission http://technet.microsoft.com/en-us/library/ff522363.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Evan Liu TechNet Community Support

Evan, Sorry, but the question is not "How can I grant read-only mailbox access?" but "Why is there a 'readpermissions' setting that appears to do nothing?" Do you have an answer for that? Will Martin

The mailbox owner can grant that with folder rights.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Martin, When you grant permission at Active Directory Mailbox ACLs, you need full mailbox permission to access mailbox, only have read-only permission you cannot access the user's mailbox. Here is one related document for you: Minimum permissions necessary to access mailbox data http://blogs.technet.com/b/exchange/archive/2006/01/25/418099.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Evan Liu TechNet Community Support

On Tue, 19 Jun 2012 18:06:43 +0000, Willard Martin wrote: >Sorry, but the question is not "How can I grant read-only mailbox access?" but "Why is there a 'readpermissions' setting that appears to do nothing?" Do you have an answer for that? Sure. That gives everyone permission to read the permissions on the AD object. It doesn't grant them permission to read the contents of the mailbox. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Any updates on this issue? Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Evan Liu TechNet Community Support

Thanks, Rich, that is the answer I needed. So the 'readpermissions' setting does nothing for actual mailbox access. Would be nice if this was documented somewhere - when I searched MSFT.COM on "readpermissions", all I got was how to sue the Add-MailboxPermissions command.

On Thu, 21 Jun 2012 15:42:46 +0000, Willard Martin wrote: >Thanks, Rich, that is the answer I needed. So the 'readpermissions' setting does nothing for actual mailbox access. The answer isn't No". You need the 'Read Permissions" permission, but it isn't *directly* involved with access to a ailbox. >Would be nice if this was documented somewhere - when I searched MSFT.COM on "readpermissions", all I got was how to sue the Add-MailboxPermissions command. Well, "Read Permissions" (plural) isn't the same as "Read Permission" (singular). And what really allows you to open a mailbox is the "Receive As" permission. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP