Partager via


Updating an Item's Security Descriptor

Topic Last Modified: 2006-06-12

To update an item's security descriptor, you need only modify the XML representation of the descriptor and save the updated XML back to the item's descriptor Field. To update the respective parts of the item's descriptor, you must have the proper access rights (READ_CONTROL, WRITE_DAC, or WRITE_OWNER).

If you want to update only a portion of an item's security descriptor, you can leave out the other sections of the descriptor in the XML stream. For example, if you want to update only the discretionary access control list (DACL) for an item, you can leave out the <S:owner>, <S:group>, and <S:sacl> portions in the XML stream. When an entire section is not present in the update XML, this portion of the item's descriptor does not change.

The following example demonstrates how to update an item's security descriptor.

JScript

Example

/*
** putSecurityDescForItem

** This function uses the WebDAV protocol to update
** an item's https://schemas.microsoft.com/exchange/security/descriptor
** property.
**   url      - URL to the item.
**   vSource  - Either XML text or an XMLDOM object reference.
**   username - Username used to authenticate with IIS.
**   password - Password used to authenticate with IIS.
*/
function putSecurityDescForItem( url , vSource , username, password) {

 var sendXMLDOM;
 if(typeof(vSource) == "string") {
   sendXMLDOM = new ActiveXObject("Microsoft.XMLDOM");
   sendXMLDOM.loadXML(vSource);
 }
 else if(typeof(vSource) == "object") {
   sendXMLDOM = vSource;
 }
 else {
  throw "ERR-putSecurityDescForItem: Invalid Argument";
 }

 var xmlDom = new ActiveXObject("Microsoft.XMLDOM");
 var pi     = xmlDom.createProcessingInstruction("xml","version=\"1.0\"");
 var root   = xmlDom.createNode(1, "propertyupdate", "DAV:");
 var e1     = xmlDom.createNode(1, "set","DAV:");
 var e2     = xmlDom.createNode(1, "prop", "DAV:");
 var e3    =  xmlDom.createNode(1, "a:descriptor","https://schemas.microsoft.com/exchange/security/");

 root.appendChild(e1);
 e1.appendChild(e2);
 e2.appendChild(e3);
 e3.appendChild(sendXMLDOM.documentElement);

 xmlDom.appendChild(pi);
 xmlDom.documentElement = root;

 var Req = new ActiveXObject("Microsoft.XMLHTTP");
 Req.open("PROPPATCH", url, false, username, password);
 Req.setRequestHeader("Content-Type","text/xml");
 Req.setRequestHeader("Translate","f");
 Req.send(xmlDom.xml);

 if(Req.status != "207") {
   var errstr = "ERR: HTTP server returned status=" + Req.status
   errstr    += "\r\nError: HTTP server returned status=" + Req.status;
   errstr    += "       Status text: " + Req.statusText;
   errstr    += "       Response Text: " + Req.responseText;
   throw errstr;
 }

 return Req.responseXML;

}