Managing Shared Mailbox Permissions

The Active Directory connector supports managing Full Access, Send As, and Send On Behalf permissions on the Shared Mailbox.

Permissions can be assigned in the following ways:

Using the memberOfSharedMailboxattribute in the provisioning plan for the User Object.

Assign Full Access and Send As permissions to user.

For example:

Copy

<ProvisioningPlan>
    <AccountRequest op="Modify">
        <AttributeRequest name="memberOfSharedMailbox" op="Add" >
             <Value>
                <List>
                   <String>DN of the shared Mailbox </String>
                </List>
             </Value>
        </AttributeRequest>
    </AccountRequest>
</ProvisioningPlan>

The above request assigns Full Access and Send As permissions to the user. These are the default permissions that are assigned if permission names are not provided explicitly in the request. The default permission to be assigned can be changed by using the defaultSharedMBPermissions application configuration attribute.

For example:

This configuration sets default permissions to fullAccess, sendAs, and sendOnBehalf.

Assign specific permission to user.

Add specific permissions (other than the default) by passing additional information in the AttributeRequest by using the sharedMailboxPermission attribute in the request.

The following example only assigns the sendOnBehalf permission to the user:

Copy

    <ProvisioningPlan>
      <AccountRequest op="Modify">
           <AttributeRequest name="memberOfSharedMailbox" op="Add" >
           <Attributes>
              <Map>
                  <entry key="sharedMailboxPermission" value="sendOnBehalf" />
              </Map>
            </Attributes>
             <Value>
               <List>
                 <String>DN of the Shared Mailbox</String>
               </List>
            </Value>
       </AttributeRequest>
      </AccountRequest>
    </ProvisioningPlan>

Note
The connector supports only assigning of specific permissions. To remove a specific permission on the Shared Mailbox, update those permissions properties on Shared Mailbox entitlement object.

Assigning Permission by Updating Shared Mailbox Permission Attributes

Assign Shared Mailbox permission to Active Directory User or Group by updating the Shared Mailbox fullAccess, sendAs, and sendOnbehalf properties.

For example, the following plan executes the modify operation on the shared mailbox and assigns fullAccess and sendAs permission to the user or group:

Copy

<ObjectRequest application=<Application Name> nativeIdentity=<DN of the Shared mailbox> op="Modify" type="sharedMailbox">
    <AttributeRequest name="fullAccess" op="Add ">
        <Value>
            <List>
                <String> <DN of the User or Group ></String>
            </List>
        </Value>
    </AttributeRequest>
    <AttributeRequest name="sendAs" op="Add ">
        <Value>
            <List>
                <String> <DN of the User or Group ></String>
            </List>
        </Value>
    </AttributeRequest>
</ObjectRequest>

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Managing Shared Mailbox Permissions

Documentation Feedback