Platform SDK: Exchange Server

Adding a New ACL Member

The following example demonstrates how to go about adding a new entry to a folder's access control list. Assume we have a current CDO Session object and have retrieved the folder for which we wish to modify the ACL. The Folder object reference is stored in the fldr variable, and the Session is stored in the session variable in the example below.

Const ROLE_AUTHOR = &H41b
'     This value is defined in the Type Library for the
'   Component and is convenient for Java, C++ and Visual
'   Basic to use with "intelli-sense"  We must hard-code
'   it here for our script
'     This value is the same as "or ing the rights together
'   For example, this would work too:
'
'    Const RIGHTS_EDIT_OWN       = &H8
'    Const RIGHTS_CREATE_ITEMS   = &H2
'    Const RIGHTS_FOLDER_VISIBLE = &H400
'    Const RIGHTS_READ_ITEMS     = &H1

'   Const ROLE_AUTHOR = RIGHTS_EDIT_OWN _
                        or RIGHTS_CREATE_ITEM _
                        or RIGHTS_READ_ITEMS _
                        or RIGHTS_FOLDER_VISIBLE

set acl = createobject("MSExchange.aclobject")
set acl.cdoitem = fldr  ' previously retrieved CDO folder object
set fldr_aces = acl.aces

      ' create a new ace and bind member
set newace = createobject("MSExchange.ACE")
      ' fetch and use the GAL
set gal = session.addresslists.item(1)
      ' one can use memberid or name
set member = gal.addressentries.item("member_name")
newace.ID = member.id
newace.rights = CLng(ROLE_AUTHOR) ' role author

fldr_aces.add newace  ' add the ACE to the collection

acl.Update

   

Note the use of the CLng function in VBScript when setting the Rights property. This is to make sure that VBScript does not sent a reference to a VARIANT (VT_BYREF|VT_VARIANT) in the IDispatch::Invoke call (DISPATCH_PROPERTYPUT) to the newace object.