Summary
This Knowledge Base defines what permissions that Service Account requires to make the features of Resource Central and Resource Booking Web App work properly since Impersonation rights are deprecated.
Permissions required for Resource Central
To get different related features working, the Service Account needs the following permissions as an alternative to impersonation rights:
Permissions on resources
Full Access permission on resources
Service Account needs to be assigned Full Access mailbox permission on resource mailboxes to be able to:
- Synchronize meetings from calendar
- Synchronize resource data synch
- Synchronize exchange setting of resources
- Delete meetings from calendar of users
- Send Resource Central Reservation and Order emails
Details about setting Full Access Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
Permission on System email
Send As permission on Resource Central system email
The Service Account must be granted Send As mailbox permission for the account assigned to “System Email”, enabling it to send emails on behalf of Resource Central. In the scenario where you use the service account as “System email”, you do not have to grant any mailbox permission. The followings are the examples of emails being sent by the “System email”:
- Virtual Resource emails
- Reminder emails
- Visitor emails
Details about setting Send As Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
Permission on Organizers:
Calendar Editor permission
Service Account needs to be assigned Calendar Editor permission so that it will be able to create, read, edit all items in the calendar folder of the organizer which is used for certain features. Details about granting Calendar Editor permission in Exchange can be found here:
Set-MailboxFolderPermission (ExchangePowerShell) | Microsoft Learn
The table below explains the need for Calendar Editor permission in relation to Resource Central features:
| Features |
What is this permission used for? |
Target mailbox |
| Alternative Resources |
When the Outlook meeting invite is sent and Exchange has accepted the series, this right helps Resource Central to be able to replace the conflicted resources (if any) with alternative resources.
|
Organizer |
| Orders of extra service in service provider calendar |
This permission is used to be able to create and change outlook invite containing the ordered service directly in the service provider’s calendar. Note that it is possible to decline appointments without Calendar Editor permission.
|
Service Provider |
| Booking Manager |
It allows administrator:
|
Organizer |
| History |
It allows administrator to keep track of all changes made to the reservation (in terms of resources, date/time, subject, attendees, sync status, and mail notifications) on Exchange and Resource Central.
|
Organizer |
| Tasks |
This permission allows organizer:
|
Organizer |
Permissions required for Resource Booking Web App
Service Account needs to be assigned Full Access mailbox permission for the organizers that utilize this product. Details about setting Full Access Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
Properties
Reference: TFS #380949
Knowledge base ID: 0335
Last updated: Jul 02, 2024
Quan Nguyen Hai
Comments