1

I have a shared mailbox in Office 365 with a shared calendar. Users are granted Publishing Author permission to the calendar folder using Exchange Online PowerShell and these permissions are confirmed using Outlook during troubleshooting.

The problem is that a new user we're setting up can only see the Default permissions, despite being granted the same permissions as everyone else. The user hasn't signed in yet so I'm able to log in to OWA using their account and it shows only the free/busy status for this calendar. If I update the Default permission to show full details, their OWA calendar view updates immediately to reflect the change. But changing their explicit permissions (Publishing Author, Editor, Publishing Editor) makes no difference at all. SharingPermissionFlags is $null for all users with access rights (including Default). So far no other users have reported any problems viewing or accessing the calendar, so this appears isolated to this one new user.

Based on my testing, I don't think this is an issue with folder permissions differing from calendar permissions, though it certainly looks like it. The behavior is exactly as though OWA/Exchange Online doesn't even recognize the user has explicit permissions at all. I conclude this because changing the permissions on the Default user affect this user's view.

In the below (sanitized) screenshot, the first user after Anonymous is unable to view any calendar item details, they can only see availability. All other users have access as expected. Once I set the Default permission to "Reviewer", they can see all details and interact with the calendar as expected. These are Office 365 mailboxes and both the target calendar and the user have Office 365 E1 licenses.

powershell results

Something else that is extra weird is that when I set the Default permission to "AvailabilityOnly", this user cannot view or interact with the calendar beyond free/busy status. However, when I set the Default permission to Reviewer, this user can fully interact with the calendar with the explicit PublishingAuthor permission we've granted. If I set the Default permission back to AvailabilityOnly, the user again cannot view or interact with the calendar beyond seeing free/busy status.

Has anyone else experienced this and been able to resolve it?

Thomas
  • 868
  • 4
  • 17
  • 35
  • As mentioned in the offical document:https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailboxfolderpermission?view=exchange-ps The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor. Also, can you view the right permission by running Get-MailboxFolderPermission for that specific user? – joyceshen Jul 01 '19 at 06:23
  • @joyceshen - sorry for the late follow-up. Lost track of the ticket on my end. I can view and confirm the permissions for the specific user and all other users using Outlook or PowerShell. Everything *looks* like it's set correctly, and matches all other existing user permissions on the mailbox. I have tried changing the folder permission from PublishingEditor to PublishingAuthor to Editor and none of them made any difference. – Thomas Jul 17 '19 at 22:05
  • Right now I left the default permission set to what they need while I work on tracking down the problem. Customer hasn't complained. It's weird, because it's behaving as though no explicit permissions at all are even set for this user. – Thomas Jul 17 '19 at 22:09
  • Added screenshot and a few extra notes. – Thomas Jul 22 '19 at 17:12

2 Answers2

0

I've had the same issues occur and it's always the company owner assistants or schedulers that need the access desperately and usually have worked before. Sometimes it's based on the email account the user was in beforehand but in your situation, which I experienced this morning, removing the calendar, and then modifying or changing the editor permission to owner, and then relaunching Outlook and adding the calendar from the address book instead of from adding as a shared calendar resolved the issues immediately. I'm not fully sure if it was the change from adding the permission from editor to Owner (even though as of Friday the explicit calendar permissions were still working) or just closing the calendar and adding it again from the address book.

Either way it's like the explicit permissions are ignored for default permissions as you said; and when it's worked for weeks and months you know something had to happen on the Exchange Online side and not on either the client that's viewing/delegated access to calendar folders or the user's own calendar permissions. As you displayed in the screenshot, the permissions are there, it just doesn't apply for some reason. At least removing and re-adding or changing from editor to owner can resolve the issue. Obviously Powershell is a need as MS can't help us with this properly usually via GUI and no real explanation when it's just one account of hundreds that work fine.

Glorfindel
  • 1,213
  • 3
  • 15
  • 22
Jeff
  • 1
0

After opening a case with Microsoft, the fix was stupid simple: remove the user's explicit permission, wait, and then re-add it. An embarrassing reminder to try the easy things first.

The root cause is ostensibly some kind of permissions application or replication failure in Office 365. Details remain unknown as the MS technician working the problem did not (and likely could not) investigate the root cause any further.

Thomas
  • 868
  • 4
  • 17
  • 35