difference between send-as rights vs send on behalf

  • Thread starter sawyer
  • Start date Views 7,070
Status
Not open for further replies.
S

sawyer

Exchange 2007 sp2

What is the difference between granting send on behalf of vs granting

send-as permission? The two rights seem to allow for the same thing. Here is

my situation

userB has been granted full mailbox rights on mailboxA, userB has also been

granted "send on behalf of" rights on mailboxA. UserB can open mailboxA and

can send emails as mailboxA, but the sent email doesn't say it was "sent on

behalf of mailboxA" the sent email just looks like mailboxA sent the email.

If I run the command

get-adpermission mailboxA -user userB

the output of this command shows nothing, which means that userB has no AD

permissions over mailboxA, and therefore shouldn't be able to send emails as

mailboxA. If that is true then how is userB able to send email as mailboxA

without the sent email saying "email was sent from userB on behalf of userA"

This is what I don't understand

Thanks
 
R

Rich Matheisen [MVP]

On Wed, 9 Dec 2009 09:23:08 -0800, "sawyer" <occompguy@cox.net> wrote:


> Exchange 2007 sp2

> What is the difference between granting send on behalf of vs granting
> send-as permission? The two rights seem to allow for the same thing.


But they don't. :)

If you look at the headers of a message sent by someone with "Send on

behalf of" permission on another mailbox you'll see a "From:" header

and a "Sender:" header.

If you look at the headers of a message send by someone with "Send As"

permission on a mailbox you'll see just the "From:" header.

The "Send on behalf of" is delegation. The "Send As" is impersonation.


> Here is
> my situation

> userB has been granted full mailbox rights on mailboxA, userB has also been
> granted "send on behalf of" rights on mailboxA. UserB can open mailboxA and
> can send emails as mailboxA, but the sent email doesn't say it was "sent on
> behalf of mailboxA" the sent email just looks like mailboxA sent the email.
> If I run the command

> get-adpermission mailboxA -user userB

> the output of this command shows nothing, which means that userB has no AD
> permissions over mailboxA, and therefore shouldn't be able to send emails as
> mailboxA. If that is true then how is userB able to send email as mailboxA
> without the sent email saying "email was sent from userB on behalf of userA"

> This is what I don't understand


You're assuming that UserB isn't a member of a group that has "Send

As" permission on the mailbox, perhaps inherited from another parent

container.

Rather than looking for a specific user, look for ANY security

principal with that permission, inherited or not.

-
Rich Matheisen

 
Status
Not open for further replies.
Top