Due to Microsoft limitations, it is currently not possible to grant true, read-only access to an entire Exchange Online mailbox. The “ReadPermission” access right refers only to being able to read the mailbox’s permission settings—it does not allow a user to open or view the mailbox contents.
For full mailbox access, you can assign the “Read and manage delegation” permission, which is functionally equivalent to Full Access—the delegate can read, send, delete, and otherwise act as the mailbox owner. There is no built-in “read-only” option at the full mailbox level in Exchange Online.
Granting “Full Access” permission gives delegates full control over the mailbox (including read, send, delete, etc.), not just read access. There is currently no supported method to provide only “read-only” access at the mailbox level in Exchange Online or Microsoft 365.
Read-only alternatives: folder-level permissions
While mailbox-level “read-only” access is not available, you can grant ‘read-only’ (Reviewer) permissions at the individual folder level (such as Inbox or Calendar). This is possible in both Exchange Online and on-premises Exchange environments.
You can apply these permissions using PowerShell or via custom actions in CoreView.
1. How to grant folder-level read-only access using PowerShell
The Add-MailboxFolderPermission
cmdlet allows you to grant a user permissions such as “Reviewer” (read-only) or “Owner” for a specific folder.
Syntax:
Add-MailboxFolderPermission
[-Identity] <MailboxFolderIdParameter>
-AccessRights <MailboxFolderAccessRight[]>
-User <MailboxFolderUserIdParameter>
[-Confirm]
[-DomainController <Fqdn>]
[-SendNotificationToUser <Boolean>]
[-SharingPermissionFlags <MailboxFolderPermissionFlags>]
[-WhatIf]
[<CommonParameters>]
Examples:
# Grant 'Owner' permission to Ed on the "Marketing" folder in Ayla's mailbox
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Marketing -User ed@contoso.com -AccessRights Owner
# Add Julia as a calendar delegate (Editor) to Ayla’s mailbox (cannot view private items)
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User julia@contoso.com -AccessRights Editor -SharingPermissionFlags Delegate
# Add Laura as a calendar delegate (Editor) with access to private items
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User laura@contoso.com -AccessRights Editor -SharingPermissionFlags Delegate,CanViewPrivateItems
To grant read-only access, use -AccessRights Reviewer
instead of Owner/Editor.
Folder-level permissions must be assigned to each folder individually. Bulk or all-folder assignments are not natively supported.
1. How to grant folder-level read-only access using CoreView
You can manage and automate these folder-level permission assignments with CoreView’s custom actions.