Summary
This Knowledge Base defines what permissions that Service Account requires to make the features of Resource Central and Resource Booking Web App work properly since Impersonation rights are deprecated in Exchange Online. More details can be found here:
Permissions required for Resource Central
To get different related features working, the Service Account needs the following permissions as an alternative to impersonation rights:
Permissions on resources
Full Access & Send As permission on resources
Service Account needs to be assigned Full Access & Send As mailbox permission on resource mailboxes to be able to:
- Synchronize meetings from calendar
- Synchronize resource data synch
- Synchronize exchange setting of resources
- Delete meetings from calendar of users
- Send Resource Central Reservation and Order emails
Details about setting Full Access & Send As Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
Permission on System email
Send As permission on Resource Central system email
The Service Account must be granted Send As mailbox permission for the account assigned to “System Email”, enabling it to send emails on behalf of Resource Central. In the scenario where you use the service account as “System email”, you do not have to grant any mailbox permission. The followings are the examples of emails being sent by the “System email”:
- Virtual Resource emails
- Reminder emails
- Visitor emails
Details about setting Send As Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
The most important values to set while granting Send As permission can be found here:
How to Grant Full Access Permissions to All Users’ Mailboxes Using PowerShell or using the GUI.
Permission on Organizers
Calendar Editor permission
Service Account needs to be assigned Calendar Editor permission so that it will be able to create, read, edit all items in the calendar folder of the organizer which is used for certain features. Details about granting Calendar Editor permission in Exchange can be found here:
Set-MailboxFolderPermission (ExchangePowerShell) | Microsoft Learn
The table below explains the need for Calendar Editor permission in relation to Resource Central features:
| Features | What is this permission used for? | Target mailbox |
| Alternative Resources | When the Outlook meeting invite is sent and Exchange has accepted the series, this right helps Resource Central to be able to replace the conflicted resources (if any) with alternative resources. | Organizer |
| Orders of extra service in service provider calendar | This permission is used to be able to create and change outlook invite containing the ordered service directly in the service provider’s calendar. Note that it is possible to decline appointments without Calendar Editor permission. | Service Provider |
| Booking Manager | It allows administrator:
| Organizer |
| History | It allows administrator to keep track of all changes made to the reservation (in terms of resources, date/time, subject, attendees, sync status, and mail notifications) on Exchange and Resource Central. | Organizer |
| Tasks | This permission allows organizer:
| Organizer |
Permissions required for Resource Booking Web App
Service Account needs to be assigned Full Access mailbox permission for the organizers that utilize this product. Details about setting Full Access Mailbox permission can be found here:
Manage permissions for recipients in Exchange Online | Microsoft Learn
Switching permission method in Realtime Manager
In the following it is assumed that the new permissions are granted to the existing service account, and that you have Realtime Service 6.6.34.40 or newer installed.
Open Realtime Manager and navigate to Settings section by pressing the gear icon at the top. Next navigate to "Exchange Servers" under "Realtime Service" menu option, and expand the existing O365 connection. At the bottom you will find a new setting that allow you to switch from using Impersonation to the new permission method described above.
Make sure that you validate the normal product workflows to confirm that everything works as before.
Properties
Reference: TFS #380949
Knowledge base ID: 0335
Last updated: Jul 02, 2024
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article