The Mystery of Calendar Permissions explained…

We get to experience a wide variety of issues here in Microsoft support, and some of them can get very interesting. As someone who has been involved in troubleshooting issues with computers for over 15 years now, I always like a good challenge.

So when the opportunity came up to help explain a strange calendar permissions issue, I of course jumped at the chance!

The issue:
Users were complaining that they were granting "Owner" permissions on their Calendar using Outlook, but then if they viewed permissions in OWA, it was showing as "Limited Details". Huh?!? Confusing, right?

I set up a repro. Lets look at what each one looks like.

First, Powershell. I used the Get-MailboxFolderPermission cmdlet to display the ACL on the Calendar folder. You can see here that Peggy Sue has been granted Owner rights on my Calendar.

clip_image002

This matches up with what displays in Outlook as well.

clip_image004

Now OWA. Remember, both Outlook and Powershell display as Owner.

clip_image006

Hmm. One of these things is not like the others… :-)

The first clue I had that OWA was displaying something different is the "INSIDE ORGANIZATION" text. From previous experience, this is related to Sharing Policies, which define how you can share your calendar with others (both Inside and Outside of your Organization). This clued me in that OWA is not displaying the actual folder permissions (ACL entry). Instead, what is doing is looking at the permissions entries, and attempting to convert that permission to an equivalent Calendar Sharing permission (which is not the same!).

Next, what I found is that related to Sharing, there are only 5 Calendar Sharing permissions that are displayed (whereas the folder permissions have many more!). Those are:

Delegate
Editor
Full Details
Limited Details
Availability Only

The logic for the calendar sharing permission goes something like this.

Analyze the permisssions entry.

Is it Editor?
If the permission is Editor, and View Private Items is set, display as Delegate
If the permission is Editor, and view private items is NOT set, display as Editor

If the permission is Reviewer, display as Full details

Note at this point, we have come to the end of the actual *folder permissions* that we evaluate (I don't count Free/Busy permissions as a real folder permission, because you are only granting rights to view Availability information, which to me isn't the same. You can make an argument that they are still folder permissions, but I don't count them in the same boat as the others). If you review the list of Folder permissions available to add with the Add-MailboxFolderPermission here, you can see that there are a bunch of folder permissions that we don’t look at, including Owner, Author, and Contributor.

Now we move on to Free/Busy permissions, which are calendar-specific.

If the Free/Busy permission is LimitedDetails (Outlook displays as View Free/Busy Time, Subject, location), display as Limited Details

If the Free/Busy permission level is AvailabilityOnly (Outlook displays as Free/Busy time), display as Availability Only.

The net result is that OWA Calendar Sharing Permission does not have an equivalent for some of the permissions on the calendar folder, and it attempts to map it to a sharing permission as best it can. Since Owner (and Author and Contributor for that matter) have write permissions to the calendar, it is defaulting to displaying Limited Details. The following table summarizes the above information.

Calendar permission role

Calendar Sharing equivalent

Owner

No equivalent – displays as Limited Details

Publishing Editor

No equivalent – displays as Limited Details

Editor + View Private Items

Delegate

Editor

Editor

Publishing Author

No equivalent – displays as Limited Details

Author

No equivalent – displays as Limited Details

Nonediting Author

No equivalent – displays as Limited Details

Reviewer

Full Details

Contributor

No equivalent – displays as Limited Details

Free/Busy time, subject, location

Limited Details

Free/Busy time

Availability Only

None

Doesn’t display in list

I hope you find this information helpful.