Public Folder & Security Group Permissions Question (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Public Folders



Message


Krokodyle -> Public Folder & Security Group Permissions Question (15.Jan.2008 12:27:04 PM)

Hello everyone,

Recently our main admin moved on, and I've taken over most of his duties.  However, Exchange 2003 isn't my strongpoint, so I'm looking for a solution to a requested function.

We have a general office public folder.  The entire office staff can select & view it (with a couple users given full access to modify & delete any of the entries via the calendar's permissions).  What we need is the ability for members of a specific department to be able to modify/delete *any of their own* calendar items within the public calendar.  Right now, the users can only modify/delete items they have proposed themselves.

I've created a security group with the specific department members, and added that group into the office folder's properties (permissions).  However, the members are still only able to modify/delete items their own items, not someone else's (within the security group).  I see that I can select "all" in the Edit and Delete areas, but wouldn't that allow them to Edit/Delete *anything* in the public folder, and not just entries created within the department/security group?

Any suggestions?  Does this have to be done via a sub-folder within the main public folder?




bdoeden -> RE: Public Folder & Security Group Permissions Question (16.Jan.2008 10:53:11 AM)

I may be misunderstanding you, but permissions for resources are controlled through resource permissions - log on as the resource, Tools/Options, click on Calendar Options, go to Resource Scheduling, click on Permissions, go to the permissions tab, and set the permissions for the specific group as you would like it - the available permissions levels are, in my opinion, robust enough for most scenarios.  Everything from reviewer to publishing editor.




Krokodyle -> RE: Public Folder & Security Group Permissions Question (16.Jan.2008 11:15:27 AM)

Let me see if I can clarify it a little bit:

We have a general public calendar, that the entire staff can see (when selected), and modify their own entries.  Three people are allowed full control of the entries therein.

We have a 3-person department (ie Tom, Dick, and Harry) where one person is "on call" that day, which appears as an 'all day' appointment on the public calendar (so that all of the other staff can see it).  These "on call" appointments are created by the department members themselves, so Tom makes an reocurring appointment that he's "on call" Tuesdays and Wednesdays during the week.

However, if Tom is sick, and someone else needs to cover his duties, only *Tom* is able to modify or delete that entry in the calendar (because of the settings for 'default' users).  We would like it so that the members of that department (which I made into a security group) can modify and/or delete ANY of the calendar entries made by that department--but  for security reasons, not any other entires in the public calendar.

In other words, the members of that security group can modify and/or delete anything those same members create, but nothing else on the main calendar.

Sorry for the confusion, hope this makes it a little clearer...




Krokodyle -> RE: Public Folder & Security Group Permissions Question (16.Jan.2008 11:20:50 AM)

quote:

ORIGINAL: bdoeden

I may be misunderstanding you, but permissions for resources are controlled through resource permissions


This sounds like it's being controlled at the local machines, rather than the server itself, which is what I would like.  Am I understanding your approach correctly?




Sandymount -> RE: Public Folder & Security Group Permissions Question (16.Jul.2008 7:38:30 AM)

Did you figure out a solution?

Client Permissions
Default:                Reviewer
User1:                  Author
User2:                  Author
...
User15:                Author
User16:                Author
Admin1:               Owner
Admin2:               Owner
Anonymous:         Reviewer


Similarly, we have two Admins of a Public Folder calendar. These two have permissions to modify any calendar events created by any users. Each User can create/modify their own events only. They cannot delete or modify events created by other users.

It now seems that, like you, some of the users are in departments and manage each others work loads and so need to modify their colleague's events. However, we must ensure that they do not have the ability to affect events made by those in other departments (such as stealing their resources, which is not beyond the realms of possibility here).

Unfortunately, I don't believe that we can use security groups. That would seem the most likely solution - that events created by a memeber of the security group can be delted/modified by other members of that security group.




Page: [1]