Shared Mailbox Access Request

Validate shared mailbox access requests, apply mailbox-owner approvals, and update permissions safely.

Book a demo
  1. # Agent role
  2. You are the Shared Mailbox Access Request agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.
  4. # Inputs
  5. - request_id: the tracked request row
  6. - requester: the authenticated employee who submitted the request
  7. - summary: the user's description of what they need
  8. - business_justification: why the request is needed
  9. - target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account
  11. # Instructions
  12. 1. Confirm the requester is authenticated and that the request belongs to this operation.
  13. 2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
  14. 3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
  15. 4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
  16. 5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
  17. 6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
  18. 7. Reply to the requester with a concise status update and next step.
  20. # Tool use
  21. - Use {{ budibase.Shared Mailbox Access Requests.get_row }} and {{ budibase.Shared Mailbox Access Requests.update_row }} to maintain request state.
  22. - Use {{ budibase.Shared Mailbox Access Audit Log.create_row }} to log decisions and actions.
  23. - Use notification tools only for requester updates, approver handoff, or operational escalation.
  25. # Auto-resolution
  26. - Use {{ microsoftGraph.get_mailbox }} to verify the shared mailbox and owner.
  27. - Use {{ microsoftGraph.get_user }} to verify the requester and target user.
  28. - If policy allows the access level, use {{ microsoftGraph.add_mailbox_permission }} for read access or {{ microsoftGraph.add_send_as_permission }} for send-as access.
  29. - If owner approval or security review is required, notify the mailbox owner before changing permissions.
  30. - Reject requests for unknown mailboxes, external users, or access types that policy forbids.
  32. # Output
  33. Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Overview

Validate shared mailbox access requests, apply mailbox-owner approvals, and update permissions safely. The operation is designed as a single agent-led workflow: every request is tracked, every decision is logged, and humans step in only when policy or risk requires it.

Request

A requester submits a shared mailbox access request through Slack, Teams, or the Shared Mailbox Access Form, creating a tracked request row.

Agent Triage

The agent confirms the request type, retrieves context from Microsoft Graph and mailbox ownership records, checks the relevant policy source, and asks for any missing details in chat.

Agent Resolution

Where policy permits, the agent completes access for pre-approved team mailboxes where requester role and owner policy match and records the outcome without waiting for manual handling.

Escalation

The agent escalates sensitive mailboxes, send-as permissions, external users, or missing owner approval to the responsible owner with a decision summary and supporting context.

Human Resolution

An approver reviews the escalation in chat or the Mailbox Owner Review Queue, then approves, rejects, or returns it for more information.

We’ve created this example workflow to help you get started building your own Shared Mailbox Access Request.

Agents

The Shared Mailbox Access Request agent manages intake, policy checks, tool actions, escalation, requester updates, and closure for this operation.

# Agent role
You are the Shared Mailbox Access Request agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.


# Inputs
- request_id: the tracked request row
- requester: the authenticated employee who submitted the request
- summary: the user's description of what they need
- business_justification: why the request is needed
- target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account


# Instructions
1. Confirm the requester is authenticated and that the request belongs to this operation.
2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
7. Reply to the requester with a concise status update and next step.


# Tool use
- Use {{ budibase.Shared Mailbox Access Requests.get_row }} and {{ budibase.Shared Mailbox Access Requests.update_row }} to maintain request state.
- Use {{ budibase.Shared Mailbox Access Audit Log.create_row }} to log decisions and actions.
- Use notification tools only for requester updates, approver handoff, or operational escalation.


# Auto-resolution
- Use {{ microsoftGraph.get_mailbox }} to verify the shared mailbox and owner.
- Use {{ microsoftGraph.get_user }} to verify the requester and target user.
- If policy allows the access level, use {{ microsoftGraph.add_mailbox_permission }} for read access or {{ microsoftGraph.add_send_as_permission }} for send-as access.
- If owner approval or security review is required, notify the mailbox owner before changing permissions.
- Reject requests for unknown mailboxes, external users, or access types that policy forbids.


# Output
Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Data

Tables

Shared Mailbox Access Requests: Stores the request, requester, target record, status, current owner, decision, and closure details.

  • request_id : Text - Unique request identifier.
  • requester : User - Authenticated employee who submitted the request.
  • summary : Long Form Text - Short description of the request.
  • target_record : Text - Relevant account, system, vendor, customer, asset, invoice, or application.
  • status : Single Select - New, Triaging, Waiting, Escalated, Completed, Rejected, or Closed.
  • priority : Single Select - Low, Medium, or High.
  • decision : Single Select - Approved, Rejected, Escalated, or Cancelled.
  • rationale : Long Form Text - Agent or approver explanation.
  • created_at : Date - Request creation timestamp.
  • closed_at : Date - Completion timestamp, if closed.
request_id,requester,summary,target_record,status,priority,decision,rationale,created_at,closed_at
IT-1048,emma.clarke@example.com,"Please process this shared mailbox access request.","Example target",Escalated,High,Escalated,"Requires owner approval.",2026-05-18T09:15:00.000Z,

Shared Mailbox Access Audit Log: Records agent decisions, tool calls, escalations, notifications, and human actions.

  • event_id : Text - Unique audit event identifier.
  • request_id : Text - Related request identifier.
  • actor : Text - Agent, requester, approver, or integration name.
  • event_type : Single Select - Message, Tool Call, Decision, Escalation, Approval, Rejection, or Closure.
  • details : JSON - Structured event details.
  • created_at : Date - Event timestamp.
event_id,request_id,actor,event_type,details,created_at
EVT-2048,IT-1048,Shared Mailbox Access Request Agent,Escalation,"{""reason"":""Policy requires owner review""}",2026-05-18T09:18:00.000Z

Connections

SlackTeamsMicrosoft Graph APISharepointSMTP

Slack: Receives shared mailbox access requests, collects the mailbox name and requested permission level, and notifies the requester when access changes are complete.

Teams: Provides Teams-based request intake and approval prompts for mailbox owners or IT reviewers.

Microsoft Graph API: Looks up mailbox ownership and applies approved mailbox permission changes in Microsoft 365.

Sharepoint: Stores mailbox ownership guidance, access policy, and approval records used to validate the request.

SMTP: Sends email confirmations to the requester and mailbox owner after approval, rejection, or permission updates.

Adding Knowledge

The agent uses Confluence or SharePoint as a knowledge source when policy guidance, approval thresholds, ownership rules, or standard operating procedures are needed. The agent retrieves the relevant policy before deciding whether to auto-resolve, reject, or escalate a request.

Screens

Shared Mailbox Access Request

Id Request Priority Status
IT-1048 Shared Mailbox Access Request for Emma Clarke High Needs Review
IT-1047 Policy check completed for Northstar account Medium In Progress
IT-1046 Standard request from Daniel Reed Low Completed
IT-1045 Exception raised by Revenue Ops manager High Escalated
IT-1044 Missing details requested from Priya Shah Medium Waiting
IT-1043 Auto-resolved after policy lookup Low Completed
IT-1042 Approval reminder sent to owner Medium Waiting
IT-1041 Duplicate request closed by agent Low Closed
IT-1040 High-priority request from field team High In Progress
IT-1039 Audit log updated for completed request Low Completed

Shared Mailbox Access Form: A structured request screen for employees who need to provide required fields, attachments, or target record details that are awkward to collect in chat.

Mailbox Owner Review Queue: A queue for approvers and operations owners to review escalated requests, see the agent’s rationale, and record a final decision.

Request Detail: A record view that shows request metadata, conversation history, audit events, tool outcomes, and final resolution.

Automations

Create Request Record: On Create Row - Sets the initial status, priority, timestamps, and default owner when a new request is submitted.

Invoke Shared Mailbox Access Request Agent: On Create Row - Sends the request context to the agent for triage and policy evaluation.

Escalation Reminder: On Update Row - Notifies the current approver when an escalated request has not moved within the expected review window.

Close Request Audit: On Update Row - Writes a final audit event and sends the requester a closure update when the request is completed, rejected, or cancelled.