Granting Users Full Access to a Mailbox Other Than Their Own

Granting a user full access to a mailbox differs from granting access to a folder or granting Send on Behalf of access. Using full access, a user can log on to another user's mailbox and in most respects act as the mailbox owner, as shown in the following figure. This strategy is frequently used to implement resource mailboxes because resource mailboxes do not necessarily have a single effective owner, but must be accessed by a group of users.

With full mailbox access, User A logs on to User B's mailbox

There are certain exceptions to what a user with full mailbox access is allowed to do. A user with full mailbox access to another user's mailbox cannot access other mailboxes or folders to which the mailbox owner has permissions. For example, consider the situation in Figure 9.4, where User A logs on to User B's mailbox. Suppose that another user (User C) has granted User B Editor permissions on User C's Calendar folder. Even though User A is logged on to User B's mailbox, User A cannot open User C's Calendar folder. (Such behavior was possible using Exchange Server 5.5 and earlier.)

In addition, a user who has full mailbox access to another user's mailbox does not automatically have the ability to send mail on behalf of that user or to send mail as that user. The administrator must add those rights separately.

Users with full mailbox access to a specific mailbox can also open folders on that mailbox without logging on to it, and can be granted Send on Behalf of permission as well as shown in the following figure.

With full mailbox access, User A opens folders in User B's mailbox and sends mail on behalf of User B (without actually logging on to User B's mailbox)

Only an administrator can grant this type of access, by using Active Directory Users and Computers. To give someone access to another users mailbox, you must have the appropriate permissions to modify user objects in Active Directory. For more information about these permissions, see Windows Help.

For detailed steps about how to give a user full access to another user's mailbox, see How to Give a User Full Access to Another User's Mailbox.

Granting Send As Permissions

If users can log on to a mailbox (they have Full Mailbox Access permissions), they may also have Send As permissions for the mailbox. These permissions may be granted automatically, or you can grant them manually. With Send As permissions, a user can act as the mailbox owner when sending mail as shown in the following figure. (Mail is sent from the mailbox owner, not on behalf of the mailbox owner.)

With full mailbox access and Send As permissions, User A logs on to User B's mailbox and sends mail while acting as User B

If the user that is logged on to a mailbox is the mailbox owner (the user's Security ID is the SID that was associated with the mailbox when it was created), that user automatically has Send As permissions. For any other user that logs on to the mailbox, these permissions are not automatically defined, and you can grant them manually.

For detailed steps about how to manually grant Send As permissions to a user with full mailbox access, see How to Manually Grant Send As Permissions to a User with Full Mailbox Access.