0 votes

Good Afternoon,

I'm looking for some clarification on what security settings I would need to apply to the Self-Service Users to allow them to update both their own out of office, and that of any secondary email account they have full access to in exchange.

For example: User1 has access to update the exchange properties of their own mailbox via self-service User1 also has a disabled account called "User1secondary" which they have full control of that mailbox so that they can send and receive emails to an alternate email address.

I want to know if there is a way in Adaxes to set security so a user can change the out of office replies for this secondary account but only the accounts they have full access to.

Please let me know if this requires more clarification.

by (640 points)
0

Hello,

For us to suggest a solution, please, specify how the primary and secondary accounts are related to each other. In your example, you mentioned accounts names User1 and User1secondary. What property is this related to? Is it the name property?

Any additional details will be much appreciated.

0

Thank you for the follow up.

So let me clarify further

  • There are 2 user accounts. One that is an enabled user and acts as the users primary account. let's call it "jtop"
  • The 2nd user account is configured as a shared mailbox, the user account is disabled and in exchange the jtop user is given full access permissions to the mailbox allowing the primary user to send and receive.

Previously user would be able to set Out Of Office replies via OWA, but we've disabled it due to security concerns with the platform.

We currently have a means for Managers to set the out of office for all their direct reports, but we would like an option for the user to set their own. Preferably using the Self-Service portal providing permission to the user as long as they have full-access permission to the mailbox. If that's not possible, maybe we could use last name as a field to connect the two or similar display names.

I'm not sure if this helps clear up the request, but please let me know if you need further specifics.

0

Hello,

Is there any way to get further assistance with this request?

0

Hello,

Sorry for the delayed reply. Unfortunately this does not clear how the accounts are related to each other. In your example, the primary account is jtop and it has full access permissions to the mailbox of the secondary account. Is this the only relationship between the two accounts? If it is, would it be possible to set some AD property of the secondary account to the sAMAccountName of the primary one to relate the accounts?

0

To answer your question, yes the only substantial connection between the two accounts is that the primary has full access permissions on the secondary accounts mailbox (mainly the only reason the secondary accounts exist)

That being said I do see what you're saying about an AD property to link the user accounts together, I was just hoping there was a way for Adaxes to see the full control option and allow the user to manage the out of office that way.

0

Unfortunately, there is no way to conveniently grant the permissions to an account over another account if the only relationship they have is "the first account has full access to the mailbox of the second account". You need to establish a more concrete relationship between such accounts, for example "a specific property of the second account contains the Logon name of the first account".

Please log in or register to answer this question.

Related questions

0 votes
1 answer

I'd like to be able to either send an email report or export a CSV of all of the business rules carried out when a user is disabled. This would be ... Management Activity section but this includes things that weren't part of the disable operation. Thanks

asked Feb 19, 2020 by bavery (230 points)
0 votes
0 answers

I'm trying to setup a quick automations to drop a notification into a Micrsoft Teams feed using their Webhook integration. I've managed to make Webhooks work ... -body $body -ContentType 'application/json' Any assistance with this would be gratefully received

asked Jan 20, 2020 by richarddewis (220 points)
0 votes
1 answer

Hi All, I have just been notified that if a user uses the export feature. They are able to export attributes such as 'Member Of' that they do not have ... interface or will I have to individually add permissions to the Domain User security role? Thanks

asked Jun 30, 2020 by antondubek (440 points)
0 votes
1 answer

I know I can set the "User must change password at next logon" flag, but noticed when I do that, they can no longer log in to Self-Service.

asked Oct 1, 2020 by RickWaukCo (300 points)
0 votes
1 answer

I have a Business Rule where "After User Creation", "Create the home directory". This works fine and adds the user Modify Access to their home directory, but it also Adds ... does not need to be given explicit access. Is there a way to suppress this behavior?

asked Mar 4, 2016 by Kikaida (1.1k points)
2,599 questions
2,338 answers
6,212 comments
843,681 users