Platform SDK: Exchange Server |
The ACL component provides services that can be used to manipulate access control entries on Microsoft Exchange Information Store folders. It provides two COM classes that can be created, the ACLObject and the ACE classes. The ACLObject COM class can be used to modify or examine the access control entries on a folder. It has two properties accessible through the exposed IACLObject interface, IACLObject::CDOItem and IACLObject::ACEs. The CDOItem property is write-only and is used to bind the desired CDO 1.2.1 folder object (and hence the MAPI folder) to the ACLObject object.. Once a folder is bound, the ACLObject object internally creates and populates an instance of the ACEs COM class, which is a collection of ACE objects, each containing an access control entry for the folder. You can use the ACEs object to manipulate the collection by adding new objects and deleting or modifying existing objects. To commit changes to the store, call the Update method. The ACE objects are stored in the collection as a list and as a dictionary of entries, where the key is the long-term entry identifier for the member, and the value is the ACE object. The ACE objects can therefore be retrieved from the collection using a valid index or a key.
The ACLObject uses MAPI to communicate with the Microsoft Exchange Store. If the process or thread that will create the ACLObject is not running with administrative privileges, a MAPI session must first be established before creating an instance of the ACLObject