Understanding Calendar Access Rights

Download PDF Version

The purpose of this document is to describe how Calendar Access Rights are assigned to personal, group, resource and location calendars.

All Calendars Group

The first thing that you want to review is how the access rights are assigned on your All Calendars group.

As all calendars belong to this group, if you do not assign any access rights to a calendar or make the calendar a member of another calendar group, the permissions will default to those set on this group.

A typical setting for All calendars is All Users > See Times

If there is nothing entered in this group, then the default will be All Users > Schedule + Details

This may not be the desired result as this affects what people can do and see with all of the personal calendars on your system.

---

Scheduling Events into Personal Calendars

If users can only See Times which is the (Open Calendar) permission, then when users try to open a calendar of a user via the Directory by right-clicking on a user icon and choosing Open User Calendar then the view of the calendar will show only busy times and no details

When a user tries to schedule an event into the user's calendar via the Participants > People tab,

the recipient of the invitation (the participant) will receive an invitation in his/her mailbox, waiting for acceptance.  If the invitation is accepted, the calendar event is placed in the invitee's calendar but the event time and body content is not editable by the invitee.

The invitee can, however, change the color, category and reminder as well as choose a new response by clicking on one of the three buttons.

Note 1:  If the event gets updated by the owner of the event a NEW invitation is sent to the recipient, when accepted, the original event is updated and a new one is not created.

Note 2: If the user Declines the update, the event will continue to display the original time in the Calendar view for the participant but will not remove it from the participant's calendar.  If the event is opened, the updated event time is displayed in the event itself.

Event History

The history of the event will show all activity

Note 3:  If the owner of the event deletes the event from his/her calendar, the event is also removed from the participant's calendar

Scheduling Group, Location and Resource Calendars

Group, Location and Resource Calendars can be either listed in the directory or not.  ie Published, or Unpublished.

Published Calendars

If a calendar is published in the directory, then there are two different ways to enter events in the calendar.

Those with (Create Items) and  (Edit items) permissions can enter events into the calendar as they can with unpublished calendars.  Events entered by individuals with these permissions will not show up in the user's personal calendar.

If the users has the (Add Participant) permission then the user can schedule an event in to the calendar in two different ways.  In each case, the event is also placed in the user's personal calendar.

Case 1 - Indirect Entry

The user can start the new event within his/her own calendar or from within an event that is scheduled directly into another published group or resource calendar.

To schedule an event indirectly into a Group calendar from within another calendar, click on the Participants > People tab and enter the calendar name there.

To schedule an event indirectly into a resource or location calendar from within another calendar, click on the Participants > Resources tab and enter the calendar names there.

As you would expect, in both cases above, the original event is in the user's own calendar and the published group or resource calendar is just a participant.

---

Case 2 - Direct Entry

You can enter the event into the Group, Location or Resource calendar directly.

If you do not have (Create Items) and  (Edit items) permissions and just have  Add Participants, the event original will be placed in your own calendar and the calendar that you are entering the event in will just appear as a participant.

Note: Any change to the event made from within your own calendar will be reflected in the target calendar as well.

Deleting a calendar event from within your own calendar will also delete it from the participant calendar.

A typical set of access rights for calendars scheduled this way are

This gives the user the ability to create new items, delete/modify their own entries as well as open and view the details of any event and download any associated attachments.

Unpublished Calendars

Note: Unpublished Calendars can not be scheduled via the Participants tab from within any other calendar.

If the calendar is NOT published in the directory, only those individuals or groups of individuals with (Create Items) and  Edit items permission can enter events into the calendar.  The user must also have (minimally) (view Unrestricted Details), (Open Items) and (Open Calendar).

A possible setting for an Unpublished Calendar that is managed by a user or group of users is

This will allow all users with these rights to create new events in this calendar, delete their own and view all events and download any files that might be attached to the event.

Note: If a user has the  Edit items permission, there is no way to prevent that users from editing another person's event.  The history permission will track this change however.  Restricting users to  will prevent a user from deleting someone else's event however.

To make this calendar "Read Only" for all other users, a possible setting would be

Note:  Events entered into an unpublished calendar do not get placed in the user's calendar.

What is the real difference between Direct and Indirect Entries?

When you open a group or resource calendar and double click to start a new event, the following happens:

A) If you have (Create Items) permission, your new event is created directly in that calendar as a document.

B) If you do not have Create Items permission, but you do have (Add Participant) permission, the event is created in your personal calendar as a message and the group  or resource/location calendar is automatically added to the participants list.

C) If you have neither permission mentioned above, you get an access denied error.

What adds to the complexity is when a published calendar has entries that were made indirectly through the Add Participant permission or directly via the Create Items permission.  As mentioned above, the former is a document and the latter is a message.  If you want to give someone the ability to edit all items in a published calendar, then the user must have both  (Edit Read Only Items) permission to be able to edit those items entered indirectly and (Edit Items) permission to be able to edit those items entered directly.

Summary

As a summary, then, consider the following.

When you open a group or resource calendar and double click to start a new event, the following checks on permissions occur.

Does user have (Create Items)?

If yes, event is created directly within Group Calendar. Further permission checks are then done: Does user have (Edit Items), (View Unrestricted Details),  (Open Items), (Download Files and Attachments)? If yes, the newly created event actually opens for them and they can fill in the details. If not, they get a 1030 (access denied) error.

(Open Calendar) is also necessary or they wouldn't be able to start the event creation process in the first place

If user does not have (Create Items):

Does user have (Add Participants)?

If yes, is this calendar published in the directory?

If yes, original event created in user's personal calendar, this calendar is invited as a participant.

If the user does NOT have (Add Participants): 1030 error, event not created.

NOTE:

If the user has (Add Participants), but calendar not published the event gets created in the user's calendar but NOT in the group, location or resource calendar.

Who is displayed as the Inviter or owner on an event when you add an entry directly into another calendar?

If all of the above isn't confusing enough, there is one more permission that has an affect on how the calendar event appears.

If you have (Create Items) and (Edit Items) permission on a calendar and enter the event directly in that calendar, who is listed as the invitee?

The trigger permission is the (Edit Permissions) permission.

Without this permission, the Inviter is listed as the person who enters the event.

With this permission, the inviter is listed as the Group, Location or Resource Calendar

Where this has the greatest implication is when a personal calendar is aliased to someone else's desktop.

If the user has  (Edit Permissions) permission on that calendar, then all entries made in that user's calendar will appear as if they have been entered by the user himself.

Standard Permission Sets

Unlike conferences, the standard permission sets are not that useful except for personal calendars as some key permissions are missing for group, resource or location calendars.

Permission Set	Note
	Cannot view the calendar or schedule an event in the calendar
	Can view calendars but only see busy times.  All invitations to personal calendars will result in an email request going to the recipient
	Can schedule into a calendar indirectly from within one's own calendar.  The event is added directly into the personal, group, resource or location calendar.
	Can schedule into a calendar indirectly from within one's own calendar.  The event is added directly into the personal, group, resource or location calendar and can also view the busy times when the calendar is opened but no details
	Can schedule into a calendar indirectly from within one's own calendar.  The event is added directly into the personal, group, resource or location calendar and can also view the details on the events in the calendar on mouse over, but cannot open the event to see more information or download any attachments.
	Can schedule into the calendar indirectly through personal or other calendar or can enter directly into the calendar and not have copy entered into personal calendar.  User with this permission can not edit events posted indirectly (scheduled) by other users.

Individual Permissions

You can start with one of the standard permission sets and either add or remove additional permissions by clicking on the associated icon.

Permission		Explanation	Note
	Edit Permissions	Can edit the calendar/group permissions
	Moderator	Not really applicable to calendars at this point
	Delete any item	Can delete any item, including items posted by others
	Create Items	Can create events and tasks directly in the calendar without having it appear in your own calendar	If a user has this permission and the user attempts to enter the event directly in the calendar, the event is placed directly in this calendar but NOT in the user's personal calendar. (See  Add Participants as the alternate) The user must also have (Edit read-only items permission) to complete the entry.
	Edit read-only items	Can edit items that have been scheduled into the calendar by others.  (User must also have Edit Permissions)	Note:  This only applies if the Calendar was created by a user with Sub-Admin privilege.  Regular users cannot create and share their own calendars and subsequently be able to edit events that have been indirectly scheduled into the calendar even if they do have this permission.
	Edit Items	Can edit events that have been entered directly into the calendar and not scheduled in.
	Save window and view properties	Can change the default position, size and view properties of the calendar
	Approve Items	Can open and approve unapproved items.
	Delete own items	Can delete and change the properties of items either entered directly or scheduled into the calendar
	View unrestricted details	Can see the details of the event with sensitivity of normal	With this permission, when a user views a calendar and rolls the mouse over the event, a pop-up window displays the details of the event.   You do not need (Open Items Permission)
	Search items	Can search the calendar
	Add participants	Can schedule an event in this calendar either by directly entering the event or by using the Participants tab and entering the name or group calendar in the People Tab or the Location or Resource calendar in the Resources tab	If a user has this permission for a calendar but NOT (Create Items), and the user attempts to enter the event directly in the calendar, the event is placed in the users own Personal calendar and the event is scheduled into this calendar through the Participant's tab on the event in the user's calendar. Also note that the calendar must be published in the directory
	Open Items	Can open events and tasks in this calendar
	Download file & attachments	Can download any files attached to the calendar event or task
	View Permissions	Can view the Calendar permissions
	View History	Can view the history of the calendar
	Open Calendar	Can open the calendar