Is it possible to be a delegate with create, update and delete own permissions but not read in exchange 2010

Question

I have a service account that I want to be able to access another users calendar through the ews api in such a way that it can create appointments, update appointments they have created and delete appointments they have created but NOT be able to read all items on the users calendar.

This appears to be possible in office 365 (see screenshot) but is it possible with Exchange 2010? If so how?

Answer 1

Sure the image you have posted is just the Folder permissions from Outlook these permission are the same from Exchange 2007 to Office365. The two ways you can set permission pro-grammatically like you have shown is first use one of the Mailbox Access API's like Mapi or EWS and set the Folder permission eg https://msdn.microsoft.com/en-us/library/office/dn641962(v=exchg.150).aspx

Or you can use the Exchange Management Shell and Add-MailboxFolderPermissions https://blogs.technet.microsoft.com/ilvancri/2009/11/24/exchange-2010-and-then-there-is-the-long-awaited-cmdlet-add-mailboxfolderpermission/ this can be a better approach as it just requires delegated admin rights via an RBAC role where setting the folder permission via EWS because it uses a User API would require the account setting those permissions to be the Mailbox owner, have been delegate Full Access rights on the Mailbox (eg add-mailboxpermission) or use Impersonation.