Permission levels should be set according to the privilege your Calendar Browser users require.
Typically most Calendar Browser users would require Editor or Publishing Editor to add/remove/change bookings on a public folder calendar. But this could be fine-tuned according to the level of accessibility you want with your users.
The owner of the Calendar Browser public folder usually grant/sets permission level for other users in case of public folder calendars.
With respect to direct booking mailbox, the mailbox owner has to set/grant permission over its calendar.
This is a brief description on the privileges/permission levels available:
Can create, read, edit, and delete any item in the folder. An owner can also create sub-folders and modify permissions for all other users of the folder.
Can create and read items, but cannot edit any items. A nonediting author can delete only his own items.
Can create, read, edit, and delete any item in the folder as well as create sub-folders. A publishing editor cannot modify permissions.
Can create items only.
Can create, read, edit and delete all items in the folder but cannot create subfolders.
Can read items, but not create or edit items.
Can create, read, edit, and delete their own items, but cannot modify or delete others’ items.
Any combination of permissions not explicitly described earlier in this table.
Can create and read all items, as well as edit and delete their own items. A publishing author can also create subfolders.
Cannot view the folder.