Platform SDK: Exchange Server

Setting Access Controls

In a group-enabled environment, users and applications can set access controls on objects to prevent unauthorized access to objects in a schedule file.

Access controls are defined within the AccessControls table, which consists of individual Access items. Each of these items can be visualized as a row in the AccessControls table. Each row in the table identifies a user and a set of access privileges that apply to that user. The following figure shows the properties that define the user and the access controls.

Note  The AccessLists and TableList properties are not accessible if the AccessDefault property is set to saclOwner.

Specify access controls for the user by setting the appropriate values in the multivalued properties AccessLists and TableList. The AccessLists property is a list of integer values that define the access level for each table in the AccessLists property. The TableList property is a list of tables the user is restricted from accessing. The values in the AccessLists and TableList properties must be listed in the same order.

The UserSearchKey, UserEntryId, and UserDisplay properties identify the user to which the access controls apply.

The following table shows access levels that can be defined for each table in the schedule.

Value Meaning
0 No access
1 Minimal (read-only free or busy time for the schedule)
2 Read
3 Create
4 Write
5 Owner

The AccessDefault property is the default access level that is granted to the user for all tables whose access is not explictly given in the AccessLists and AccessControls properties. If the AccessLists and TableList properties have no entries or are not present, other users can access all tables with the access level specified in the AccessDefault property.

Define rows in the AccessControls table only for users whose access rights you explicitly want to set. For all other users in the organization, set the values in the first row of the table, which is called the default row. The default row is a special row that consists of default access controls for all users not listed in other rows of the table. In the default row, the UserSearchKey and UserEntryId properties must be set to Null. The AccessDefault, AccessLists, and TableList properties can be set to any valid values.

Note  The ReceiveMeetingRequest property identifies whether the user is a delegate to the meeting and receives all of the schedule owner’s meeting requests. This property should not be set on the default row.

The following sample code modifies the default access for the user’s default row:

Public Sub ModifyAcls()
    Dim objAccessControls As Object
    Dim objAccess As Object
    
    Set objAccessControls = objSchedule.AccessControls
    
    ' Get the default row
    objAccessControls.SetRestriction "UserEntryId", "", "=="
    Set objAccess = objAccessControls.Item
    
    ' Print out the default access
    Debug.Print objAccess.AccessDefault
    
    ' Change the default access to be None
    objAccess.SetProperties AccessDefault:=CLng(0)
    
    ' Release the objects
    Set objAccess = Nothing
    Set objAccessControls = Nothing
End Sub