Creating an ACE in XML

Topic Last Modified: 2006-06-11

There are two types of access control entries (ACEs) used in the XML security descriptor format. The access_allowed_ace element grants a trustee an access right, and the access_denied_ace element denies a trustee an access right.

The following example demonstrates how to create an access control entry for an Exchange store XML-formatted security descriptor.

JScript

Example

function createXMLAce(  XMLDom, prefix, bAccessAllowed, username, mask ) {

 var eAce;
 var eMask;
 var eId;

 if(XMLDom == null)
   throw "ERR: XMLDOMDocument passed was null";

 if(prefix != "")
   prefix += ":";

 if(bAccessAllowed)
   eAce = XMLDom.createNode(1,prefix +"access_allowed_ace", "https://schemas.microsoft.com/security/");
 else
   eAce = XMLDom.createNode(1,prefix +"access_denied_ace", "https://schemas.microsoft.com/security/");

 if(eAce == null)
   throw "ERR: created ACE was null!";

 eMask = getXMLMask(XMLDom, prefix, mask);
 eSid   = getXMLSID(XMLDom, prefix, username);
 eAce.appendChild(eMask);
 eAce.appendChild(eSid);
 return eAce;
}

function getXMLMask(XMLDom, prefix, mask) {

 var eMask = XMLDom.createNode(1, prefix + "access_mask", "https://schemas.microsoft.com/security/");
 eMask.appendChild(XMLDom.createTextNode(mask));
 return eMask;
}

function getXMLSID(XMLDom, prefix, username) {

 var eSid = XMLDom.createNode(1,prefix + "sid", "https://schemas.microsoft.com/security/");
 var eName;
 eName = XMLDom.createNode(1, prefix + "nt4_compatible_name", "https://schemas.microsoft.com/security/");
 eName.appendChild(XMLDom.createTextNode(username));
 eSid.appendChild(eName);

 return eSid;

}