9,744 questions
You will need to use Exchange powershell:
Graph does not yet support this.
How to tell what permissions a user has been given to a shared mailbox
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 21%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAE%3C/text%3E%3C/svg%3E)
Andrew Earl
105
Reputation points
Hi, in Outlook I can share my inbox with another user and grant them read access or write access.
When using graph API, is there a way to tell what permissions a user has to a specific shared inbox, e.g. no access, read only, read and write?
I am using delegated permissions.
Thanks
Outlook | Windows | Classic Outlook for Windows | For business
Exchange | Exchange Server | Management
7,925 questions
Microsoft Security | Microsoft Graph
13,724 questions
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2024-08-22T16:00:44.04+00:00
1 additional answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 86%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hitesh Pachipulusu - MSFT 3,620 Reputation points Microsoft External Staff2024-08-22T16:09:21.8933333+00:00 Hello Andrew Earl,
Greetings from Microsoft Support!
Currently, there isn’t a direct API call in Microsoft Graph to explicitly check the permissions a user has on a shared inbox. However, you can infer the permissions by attempting specific actions and handling the responses:
The Signed User should be the individual whose mailbox access is being verified.
The UserId should be the identifier of the user with a shared inbox.
- Read Access: Try to read messages from the shared inbox.
If successful, the user has at least read access.GET /users/{UserId}/mailFolders('Inbox')/messages - Write Access: Try to create or modify a message in the shared inbox.
If successful, the user has write access.POST /users/{UserId}/mailFolders('Inbox')/messages - No Access: If both actions fail, the user likely has no access.
These steps allow you to determine the level of access indirectly.
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.
- Read Access: Try to read messages from the shared inbox.