We just refuse to do it ourselves anymore.
Why? Because while we can give you the best possible technical solution, it is not always the best social or political solution for a given environment. Someone's gonna grumble. And we do not need that.
If YOU on the other hand can manage your organization sufficiently well for your purposes, we're fine with it.
Here's what you do.
Let's start at the back, where we insert calendar delegate rights into Exchange.
You need the command Add-MailboxFolderPermission in PowerShell.
Which means in Outlook looking at an Exchange server the user will see this in Calendar Properties:
uniaccessrights -ls -grantor %1 -grantee "S=Iuliano/G=Russ" -n 1 -p PASSWORD >>russ_rights.txt
Designate Right: CONFIDENTIALEVENT=VIEWTIME/CONFIDENTIALTASK=MODIFY/NORMALEVENT=
MODIFY/PUBLICEVENT=NONE/PUBLICTASK=MODIFYEvent Viewing Right: CONFIDENTIAL=ALL/NORMAL=ALL/PERSONAL=ALL
Viewing Right: CONFIDENTIAL=NONE/NORMAL=ALL/PERSONAL=TIME