Security in an Event Sink
Security in an Event Sink
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
Synchronous events can obtain an OLE DB session object from the IExStoreEventInfo Interface that is passed to the method that handles the event in the sink. This opens a session that is logged on as the user who caused the event to occur. Therefore, the event sink has access to the event item, the mailbox, or the public folder in which the event occurred, and to any items in the store in which the event occurred that the logon account has access to.
Note Logon sessions are scoped such that an event sink cannot access more than one store. For example, a synchronous event sink handling an item in a public folder does not have access to the mailbox of the user who caused the event.
The OnTimer event does not have context or scope.
An event sink that could be used improperly or that could cause problems if registered in certain folders should implement the ICreateRegistration Interface. The ICreateRegistration Interface allows you to programmatically deny event registration requests or to respond to an event registration item when it is modified, moved, copied, or replicated.
This section contains the following topics:
Related Topics
Send us your feedback about the Microsoft Exchange Server 2003 SDK.
Build: June 2007 (2007.618.1)
© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.