01825 818572
To give a user (read-only in this case) access to specific folders of another mailbox, without giving them full access to the whole mailbox, you need to grant permissions at the top (of the information store) level and then specify which subfolder(s) you want them to see:
Add-MailboxFolderPermission -Identity MailboxName: -User UserToHaveAccess -AccessRights FolderVisible
Add-MailboxFolderPermission -Identity MailboxName:Inbox -User UserToHaveAccess -AccessRights Reviewer
This will give the UserToHaveAccess read-only access to the Inbox of MailboxName. You can specify additional folders or permissions as required.
To remove permissions, just do the reverse (using Remove- instead of Add- natch) without the -AccessRights:
Remove-MailboxFolderPermission – Identity MailboxName: -User UserToNotHaveAccess
NOTE: There does not seem to be a way to disable inheritance for any new folders created after these permissions are set. For example if a subfolder of Inbox is created, the UserToHaveAccess will be able to see and read the content of the new subfolder. Any subfolder under the top of the mailbox will be visible but the content will not (as it will inherit the FolderVisible right).
