Hello.
We have a number of shared mailboxes on our Exchange 2010 SP2 system that are effectively used as a team archive. Currently people either have full access so they can create and delete items or none at all.
We would like to prevent most of them from being able to delete items (either by accident or maliciously) but still leave them able to create new subfolders and move emails into them, then only give full access to a couple of supervisors.
I'm testing this now using my account and had hoped that the explicit deny would override the full access as it would do with NTFS permissions but that doesn't seem to be the case.
Add-MailboxPermission sales -AccessRights fullaccess -user alex
Add-MailboxPermission sales -AccessRights deleteitem -deny -user alex
Identity User AccessRights
IsInherited Deny
-------- ---- ------------ ----------- ----
domain.co.uk/Exc... DOMAIN\Alex {DeleteItem} False True
domain.co.uk/Exc... DOMAIN\Alex {FullAccess, ReadPermission} False False
With the permissions above I still appear to have full access and can delete other people's items.
Can anyone suggest how to achive this please?
Thanks
