synchronize folder permissions
Hello all.
We are using EV.9.0.2 for archiving MS Exchange mailboxes (2203/2007/2010).
Some users delegete rights to one ore more folder directly out of their Outlook client. So as example they give rights to folder
"\Job" under "\Inbox" but not for "\Private".
\Inbox
\Job
\Private
If the folder \Job is being archived now, the user have no access to any of the items in the archive.
While solving this via Active Directory and giving users access to the mailbox, ALL folders of the mailbox can be seen.
So in the example above \Inbox as well as \Private and \Job can be seen by the delegated user.
Checking our MS Exchange archiving policy, I found the point "Inherited permissions" (under "Advanced). This is currently set to "Off".
Before enabling this, I would like to ask some questions:
- Is this point just inheriting access rights to sepearte folders as decsribed above ?
- Is the enabling of this feature having an impact of the EV-servers performance ?
- Can we remove the AD permissions for the mailboxes afterwards and are the access rights still there for the delegated folders only ?
- Are items in this folder already being archived then visible to delegated users or is this just for newly archived items only ?
Thanks for your support.
SK
What do you have set for the following?
Synchronize folder permissions (Exchange Archiving General setting)
Description
Controls whether synchronization of delegate and shared folder permissions within mailboxes are synchronized. If these are not synchronized, only mailbox owners have access to the corresponding archives. For example, this prevents delegates, from having access to mailbox archives.
Supported values
-
Off. Folder permissions are not synchronized.
-
On (default). Folder permissions are synchronized.
Legacy name
SynchronizeFolderPermissions
See Exchange mailbox policy advanced settings
Article URL http://www.symantec.com/docs/HOWTO37219
-
