Wisc Account Administration - Permission Repair Tool
Mailbox permissions (full, send as, and send on behalf) are not a value that can be quickly obtained from Microsoft for a given account. There are situations in which that information is needed immediately. As a result, permission data is stored in local storage where it can be queried in a timely and reliable manner.
Current workflow to manage mailbox permissions
- Mailbox permissions are assigned in the Wisc Account Administration Site
- The Wisc Account Administration Site records the permission on the account in a local data store
- A job is added to a queue that will apply the permission in Office 365 within a few minutes
Issue with current workflow
There are circumstances where the permissions that were recorded locally and those that exist in Office 365 can differ. This can happen for a number of reasons, including but not limited to:
- The permission failing to be properly applied in Office 365
- Some other activity adding or removing the permission in Office 365
- Multiple changes to the same permission in a short time frame
How will the Permission Repair Tool mitigate the issue?
Despite efforts to reduce the occurrences of inconsistent permissions between the local store and what is in Office 365, the issue is still somewhat prevalent. To identify and remediate these inconsistencies, the Permission Repair Tool was created.
How does the Permission Repair Tool work?
- User clicks the Validate Permissions button on the Permission Repair Tool page
- For each of the three permissions, a call out is made to Microsoft to gather the permissions as they exist in Office 365
- For each of the three permissions, expected permissions stored locally are gathered
- The Office 365 permissions are compared to what is believed to exist locally
- Discrepancies are displayed with options to "Reapply" or "Remove"
What is the "Reapply" option?
The "Reapply" option will always be available for inconsistent permissions. It is the only option for inconsistent "full" and "send as" permissions which are required for linked NetIDs. When "Reapply" is clicked, if the permission is absent in Office 365 but stored locally, it will queue a job to add the permission to Office 365. If the permission is absent locally but present in Office 365, clicking "Reapply" will add the permission to the local store.
What is the "Remove" option?
The "Remove" option is only possible for inconsistent permissions that aren't provided through linking. If the permission is present locally but not applied to the account in Office 365, clicking "Remove" will delete the permission from the local store. If the permission is present in Office 365 but stored locally, clicking "Remove" will queue a job to remove the permission from Office 365.
Note: The Repair Permissions Tool does not automatically take any action on inconsistent permissions. The user or authorized administrator of the account must click the "Remove" or "Reapply" button the remediate the inconsistent permission(s).