Platform SDK: Exchange Server

Modifying ACLs

The following Visual Basic, Scripting Edition (VBScript) example demonstrates how to use instances of the ACLObject COM class to modify an entry in a folder's access control list. In this case, assume we have an entry where we'd like to set the Role to Publishing Author. The script below would retrieve the entry (ACE object) and update its currently set IACE::Rights property. It finishes with a call to IACLObject::Update.

Const ROLE_PUBLISH_AUTHOR = &H49b

'     This value is defined in the Type Library for the
'   Component and is convenient for Java, C++ and Visual
'   Basic to use with "intelli-sense"  We must hard-code
'   it here for our script
'     This value is the same as "or ing the rights together
'   For example, this would work too:
'
'    Const RIGHTS_EDIT_OWN          = &H8
'    Const RIGHTS_CREATE_ITEMS      = &H2
'    Const RIGHTS_FOLDER_VISIBLE    = &H400
'    const RIGHTS_CREATE_SUBFOLDERS = &H80
'    Const RIGHTS_READ_ITEMS        = &H1

'   Const ROLE_AUTHOR = RIGHTS_EDIT_OWN _
                        or RIGHTS_CREATE_ITEM _
                        or RIGHTS_READ_ITEMS _
                        or RIGHTS_FOLDER_VISIBLE _
                        or RIGHTS_CREATE_SUBFOLDERS

set acl = createobject("MSExchange.aclobject")
set acl.cdoitem = fldr  ' previously retrieved CDO folder object
set fldr_aces = acl.aces
'  assume we have a member id stored in memberid
set ace = acl.aces.item(member_id)
ace.Rights = ROLE_PUBLISH_AUTHOR
acl.Update