Construct XML to Update Access Control Lists
To update the Access Control Lists of items in Exchange, you must construct some XML that specifies the items to update, and provides information about how to change the ACL.
<identifiersXML> <identifier value="..."> <acl_update> ... </acl_update> </identifier> </identifiersXML>
In the identifier value
attribute, replace "..." with the identifier of the item that you want to update. Identifiers can be found using the identifiers fetch action. You can update the ACLs of several items by including more than one identifier
element in your XML:
<identifiersXML> <identifier value="..."> <acl_update> ... </acl_update> </identifier> <identifier value="..."> <acl_update> ... </acl_update> </identifier> </identifiersXML>
The following table describes the XML elements that you can use in the acl_update
element to specify how to change the ACL.
XML Element | Description | Permitted Occurrences |
---|---|---|
<ace action="...">
|
Add or remove an entry from the ACL. The The following child elements must all appear exactly once:
|
0 or more |
The following example demonstrates how to change the ACL for a folder in Exchange. It makes the following changes:
- removes all permissions from
someuser@mydomain.com
- grants the specified list of permissions to
otheruser@mydomain.com
<identifiersXML> <identifier value="BASE64IDENTIFIER=="> <acl_update> <ace action="remove"> <principal>someuser@mydomain.com</principal> <principalType>Email</principalType> <level>*</level> </ace> <ace action="add"> <principal>otheruser@mydomain.com</principal> <principalType>Email</principalType> <level>read, edit, delete, visible, createItems, createSubFolders, folderOwner, folderContact</level> </ace> </acl_update> </identifier> </identifiersXML>