Share via

Updating an Item's Security Descriptor

  • Article

Updating an Item's Security Descriptor

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

To update an item's security descriptor, you need only modify the XML representation of the descriptor and save the updated XML back to the item's descriptor Field. To update the respective parts of the item's descriptor, you must have the proper access rights (READ_CONTROL, WRITE_DAC, or WRITE_OWNER).

If you want to update only a portion of an item's security descriptor, you can leave out the other sections of the descriptor in the XML stream. For example, if you want to update only the discretionary access control list (DACL) for an item, you can leave out the <S:owner>, <S:group>, and <S:sacl> portions in the XML stream. When an entire section is not present in the update XML, this portion of the item's descriptor does not change.

The following example demonstrates how to update an item's security descriptor.

JScript

/*
** putSecurityDescForItem

** This function uses the WebDAV protocol to update
** an item's https://schemas.microsoft.com/exchange/security/descriptor
** property.
**   url      - URL to the item.
**   vSource  - Either XML text or an XMLDOM object reference.
**   username - Username used to authenticate with IIS.
**   password - Password used to authenticate with IIS.
*/
function putSecurityDescForItem( url , vSource , username, password) {

 var sendXMLDOM;
 if(typeof(vSource) == "string") {
   sendXMLDOM = new ActiveXObject("Microsoft.XMLDOM");
   sendXMLDOM.loadXML(vSource);
 }
 else if(typeof(vSource) == "object") {
   sendXMLDOM = vSource;
 }
 else {
  throw "ERR-putSecurityDescForItem: Invalid Argument";
 }

 var xmlDom = new ActiveXObject("Microsoft.XMLDOM");
 var pi     = xmlDom.createProcessingInstruction("xml","version=\"1.0\"");
 var root   = xmlDom.createNode(1, "propertyupdate", "DAV:");
 var e1     = xmlDom.createNode(1, "set","DAV:");
 var e2     = xmlDom.createNode(1, "prop", "DAV:");
 var e3    =  xmlDom.createNode(1, "a:descriptor","https://schemas.microsoft.com/exchange/security/");

 root.appendChild(e1);
 e1.appendChild(e2);
 e2.appendChild(e3);
 e3.appendChild(sendXMLDOM.documentElement);

 xmlDom.appendChild(pi);
 xmlDom.documentElement = root;

 var Req = new ActiveXObject("Microsoft.XMLHTTP");
 Req.open("PROPPATCH", url, false, username, password);
 Req.setRequestHeader("Content-Type","text/xml");
 Req.setRequestHeader("Translate","f");
 Req.send(xmlDom.xml);

 if(Req.status != "207") {
   var errstr = "ERR: HTTP server returned status=" + Req.status
   errstr    += "\r\nError: HTTP server returned status=" + Req.status;
   errstr    += "       Status text: " + Req.statusText;
   errstr    += "       Response Text: " + Req.responseText;
   throw errstr;
 }

 return Req.responseXML;

}

Send us your feedback about the Microsoft Exchange Server 2003 SDK.

Build: June 2007 (2007.618.1)

© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.