In large organizations it can be a very convenient capability to allow some of your co-workers access to your calendar. This feature supports collaboration and helps to avoid over scheduling of meetings and appointments. Along with that capability is another feature that can allow other users access to your mailbox. This other feature is referred to as granting delegation access.

Granting access for other users to access your mailbox understandably involves a very large amount of trust. However the benefits can be worth it if the conditions exist to give someone else access to your email. But disregarding the privacy issues there can also be problems with granting delegation access.

There are two methods used for granting someone else access to your email:

1. Granting Delegate access:  This method is used to grant access to one or more of your Outlook folders. These folders can include: Calendar, Inbox, Notes, Tasks, Contacts and Journal. The users who you grant delegate access to will also have the “Send on behalf of” right explicitly granted to them. The delegated users can access the delegated folders by clicking on “File”, then “Open” and then clicking on “Other Users Folder”. Delegated access can be restricted through additional steps if necessary. Note that a delegate can be given different permissions for different folders. This allows the owner to control access to items in their Exchange mailbox. Usually if access to your calendar or inbox has already been granted without any problems then the “Send on behalf of” capability can also be given at the discretion of the owner of the inbox.
2. Granting specific folder permissions: This method is probably the best one to begin with when giving someone else access to your inbox and other folders. This method provides the same functionality as the Grant Delegate access method but it does not automatically give the “Send on behalf of” right to the specified users who are given permissions to your folders. In addition the “permission granted” users will need to add your mailbox folders to their own Outlook account. Once they have added your folders to their account then they will be able to see only those folders which they have been given permission to view.

Granting access to others to view your mailbox and other folders, and to respond to your email messages received, should be implemented only after one has set up rules and policies to guide the granted delegate in what manner to use your mailbox and what the boundaries are for responding to email messages. Failure to do so can result in leaked email messages and confidential company information.

Communications to mailboxes that are monitored by delegates should be marked as “private” or “confidential” to ensure that only the owner – not the delegate – will view the email communication. And on the receiving end, the owner should instruct the delegate that any email messages marked as “private” or “confidential” are not to be opened. This can help to maintain the integrity of the email communications between the sender and the recipients of mail inboxes managed by delegates.

Sometimes there are more delegates than who are actually listed in the permissions/delegate list. If this is the case then some cleanup may be in order. An administrator should check if the “Default” and “Anonymous” entries exist and, if so, is the “Anonymous” entry set to “none”.

Sometimes during a server migration mailbox folders such as calendars or inboxes that were previously accessed by delegates are no longer viewable by those delegates. One solution is to remove the delegates through the owner’s account and then re-add the same delegate. If the delegate still cannot view the owner’s folders then an administrator should go to the Exchange Advanced tab and click Mailbox Rights for both the owner and the delegate. Then verify that the “Associated External Account” permissions box is unchecked and that SELF has “Full Mailbox Access”. A third solution, to the migration problem, is to wait until the mailbox folders have been completely migrated to the new server and then to check the parameters on the Exchange General tab. Select the Delivery Options and then verify that the delegate is listed in the “Send on behalf of” box. If not then add the delegate.

Lastly, sometimes when a user has been granted delegate access they are unable to use Microsoft Outlook web access (OWA) to modify any of the folders for which they have access. An administrator should ensure that full write access has also been granted through OWA to the mailbox that has been delegated. Configuring the delegate as the owner of the mailbox can solve this problem if using Outlook web access.