Can't assign calendar permissions to a group

When I assign permissions to a resource calendar in Outlook, I want to be able to use a security group so that I can manage membership of that security group in one place only - in Active Directory Users and Computers - and don't have to manage the permissions for each resource calendar separately.

Unfortunately due to some considerable degree of shortsightedness that Microsoft has exercised when designing Exchange and Local Users and Groups, among others, this logical option is not provided for.

By testing I have verified that a resource calendar's permissions can only be applied to individual users, not to groups. This is a very strange design, because permission management by user groups is an integral concept within Active Directory.

Unfortunately this glaring design anomaly is found in Local Users and Groups on a client PC, where it is not possible, for example, to make a security group a member of the Administrators group of that PC. Only individual users can be granted membership.

The result is that, as administrators, we end up administering the same list of users in multiple places and being unable to leverage the power of Active Directory because of deliberate and inexplicable design decisions.

I heard that Active Directory was originally designed from the directory needed to hold Exchange user and group information. If so, there seems no logical reason why it should not be possible to manage the permissions of Exchange resources in Active Directory where you can also manage the permissions of file resources. This deliberate restriction forces me to manage the permissions of each shared resource calendar individually for every single calendar.

We can set up calendars in Sharepoint and assign permissions to groups from Active Directory in order to manage them. I have tested being able to assign a security group from Active Directory to be a member of an appropriate Sharepoint group and have confirmed that this is indeed possible. So, voila, I can manage the group of users in Active Directory and thus avoid having to manage separate lists of users in different places for permissions.

Maybe Exchange's design limitations just make it too much hassle to use it to manage resources like the Equipment and Room mailboxes are supposed to provide.

--


.

Relevant Pages

  • Re: Integrate AzMan with SQL Database?
    ... We need to secure records in a table based on Active Directory ... permissions. ... Can someone point me to a good resource ...
    (microsoft.public.sqlserver.security)
  • Re: Cant assign calendar permissions to a group
    ... to be able to use a security group so that I can manage membership of ... By testing I have verified that a resource calendar's permissions can ... integral concept within Active Directory. ... Only individual users can be granted membership. ...
    (microsoft.public.exchange.admin)
  • Resource-based security with IPermission?
    ... The permissions should be assigned to the resource and the ... So I looked into extending the PrincipalPermission. ... GrantedPermissions, this is easy enough, however I wondered how or if ...
    (microsoft.public.dotnet.security)
  • Re: Role of current windows login user
    ... > Roles are not meant to check/control resource access permissions, ... > meant for program access/flow control. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Resource reservation problem
    ... I have set up permissions in the EXCHANGE GENERAL tab, ... I am positive the request is not directly made on the resource calendar. ...
    (microsoft.public.outlook.calendaring)
Loading