Forum Discussion

carrs654's avatar
carrs654
Level 4
13 years ago

Inherited permission issue

Hi All,

 

I wanted to know more about this setting which is found under Mailbox policy - Advanced setting - Inherited Permissions.

 

In my scenario , i gave permissions to exchange administrator on UserA & UserB mailboxes using Exch Management console ( exch 2007). Now after relevant tasks on the enterprise vault were run (synchronization etc). If i login to Archive explorer using the exchange admin i see userA & userB along with many other users. i checked in vault admin console & did verified that exchange administrator dont have permissions on other user archives.

Test2 ) If i do the same test with a regular user (userC) & logon to archive explorer he will see only userA & userB archives.

 

I want to know what is happening here.

  • Inherited permissions are permissions such as the ones set in AD where you grant full mailbox access or the send as/receive as etc Generally it's a bad idea to enable it as you end uP with backup admins able to see everyone's archives as they normally have access to everyone's mailbox anyway All you should really need is to allow delegate permissions and sync folder permissions and that will allow the end user to control who can and cannot access their mailbox Also a useful tool to check with is PermissionsBrowser.exe
  • Inherited permissions are permissions such as the ones set in AD where you grant full mailbox access or the send as/receive as etc Generally it's a bad idea to enable it as you end uP with backup admins able to see everyone's archives as they normally have access to everyone's mailbox anyway All you should really need is to allow delegate permissions and sync folder permissions and that will allow the end user to control who can and cannot access their mailbox Also a useful tool to check with is PermissionsBrowser.exe
  • I wanted to know more about this setting which is found under Mailbox policy - Advanced setting - Inherited Permissions.

    Comment: It actually controls whether EV includes inherited permissions between mailboxes and archives when synch. takes place.

     

    I agree with Jesuswept2 as Permissionbrowser.exe is the best tool to begin with analysing the permissions inherited on all your archvies. Sometime if you have granted the permission on archive and later on remove it from the archive, in this case, probably you need to clear your IE cache to check the updated behaviour.