The permissions specification for the folder.
The Permissions parameter has two modes. The first mode allows
you to set the folder Access Control List (ACL) according to input
that you specify, while the second mode allows you to modify the
ACL. In either case, the default configuration of the Everyone and
Anonymous groups in the ACL are not supported. The reason is that
these groups can span hosted organizations and open security
holes.
The basic format of the <permissions> node is:
<Permissions mode="update">
<Permission role="mapi role">ldap path </Permission>
</Permissions>
The mode attribute must be set to either "update" or "set." When
set to "update", this allows you to change the Access Control Entry
(ACE). The Permissions parameter doesn't cause a merging with
existing ACEs, but replaces them instead. The "set" mode replaces
the entire ACL on the folder and configures it to the values
specified in the <permissions> node.
The mapi role attribute can have any of the following
values:
- "owner"
- "publishing editor"
- "author"
- "editor"
- "publishing author"
- "non editing author"
- "contributor"
- "none"
These values correspond to the Messaging Application Programming
Interface (MAPI) roles that are exposed in the MAPI ACL editor.
Please refer to this editor to view the specific rights that are
granted with each role.
The ldap path in each <permission> node must refer to an
entity that is mail/mailbox- enabled. This is required because
without an Exchange legacy DN, MAPI will not properly manipulate
the ACLs and users without causing a failure.
|