Platform SDK: Exchange Server |
You can use either the IExchangeModifyTable interface or the ACL COM component and Collaboration Data Objects (CDO) to add, delete, and edit members of a folder's access control list (ACL).
An ACL is a MAPI table, which means it can be accessed through the IExchangeModifyTable interface. To obtain IExchangeModifyTable, call the IMAPIProp::OpenProperty method on any property of type PT_OBJECT. This interface contains the following methods:
IExchangeModifyTable::GetLastError
IExchangeModifyTable::GetTable
IExchangeModifyTable::ModifyTable
The ACL COM component, provided in the Platform SDK as a sample, can also be used to manage the access control list (ACL) for a folder. It provides a more object-oriented view of the ACL, with each individual access control entry (ACE) represented by an ACE object. To use the ACL component, you must use the Collaboration Data Objects (CDO) 1.21 COM component to access a particular folder. In many cases, such as in ASP applications, this is desirable since you would most likely be working with scripting languages which can only access objects exposing the IDispatch interface.
A folder ACL can be represented by a bound instance of the ACLObject COM class. You bind the specific folder by setting the IACLObject::CDOItem property to a CDO Folder object reference. Once you have bound the folder, the ACLObject object retrieves the ACL table for the folder and internally creates a collection of ACE objects. Each ACE object contains a particular access control entry. You can then modify the ACL by manipulating the ACEs collection. Each ACE object essentially holds an ID (entry ID) and a set of access-allowed rights.
The following example demonstrates using CDO 1.21 and the ACL component to access the ACL for a person's InBox folder.
Set CDOSession = CreateObject("MAPI.Session") CDOSesion.logon Set MyInbox = CDOSession.Inbox Set InboxAcl = CreateObject("MSExchange.ACLObject") Set InboxAcl.CDOItem = MyInbox For each AceObject in InboxAcl.Aces Wscript.echo AceObject.Name ... Next AceObject Set InboxAcl = Nothing CDOSession.Logoff Set CDOSession = Nothing
For general information on ACLs, see About Access Control Lists.