2.2 Message Syntax
The security descriptor property adds to the set of WebDAV properties, as specified in [RFC2518] section 13. The WebDAV Protocol Security Extensions use the PROPFIND and PROPPATCH WebDAV methods specified in [RFC2518] sections 8.1 and 8.2 to get and set this property. This property is an XML representation of a security descriptor. The type of this property is specified by using XML schema definition (XSD) grammar, as specified in [XMLSCHEMA1/2]. This property is represented by the descriptor XML element, which extends the security_descriptor element defined in the http://schemas.microsoft.com/security/ XML namespace. The XSD for this property is defined as follows.
<?xml version="1.0" encoding="utf-8" ?>
<!--
  XSD for the WebDAV security descriptor property.

  This listing holds three schema documents, one per target namespace:
    1. http://schemas.microsoft.com/security/ : the building blocks
       (SIDs, ACEs, ACLs, owner, primary_group, dacl, sacl, security_descriptor).
    2. urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/ : the base
       microsoft.security_descriptor complex type.
    3. http://schemas.microsoft.com/exchange/security/ : the descriptor element
       that is read with PROPFIND and written with PROPPATCH.
  An XML document has a single root element, so each xs:schema has to be
  stored and loaded as its own document.

  NOTE(review): the schemas refer to each other's namespaces (S: and D:) but
  none of them contains an xs:import. A validator has to be given all three
  together, from a trusted local copy rather than from a location named by the
  message being validated.

  attributeFormDefault="qualified" and elementFormDefault="qualified" apply to
  all three schemas: locally declared elements and attributes are in the target
  namespace, so instance documents carry the prefix on attributes as well
  (for example S:inherited, not inherited).
-->
<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace="http://schemas.microsoft.com/security/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">

  <!-- Bool is defined to be either 1 or 0. The pattern removes the "true" and
       "false" lexical forms that xs:boolean would otherwise accept. -->
  <xs:simpleType name="bool">
    <xs:restriction base="xs:boolean">
      <xs:pattern value="0|1" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Globally Unique Identifier [MS-DTYP]: braces are mandatory, hex digits
       may be upper or lower case, grouping is 8-4-4-4-12. -->
  <xs:simpleType name="guid">
    <xs:restriction base="xs:string">
      <xs:pattern value="\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Closed list of account kinds allowed in the type element. Any other
       string fails validation. -->
  <xs:simpleType name="type_string">
    <xs:restriction base="xs:string">
      <xs:enumeration value="user" />
      <xs:enumeration value="group" />
      <xs:enumeration value="domain" />
      <xs:enumeration value="alias" />
      <xs:enumeration value="well_known_group" />
      <xs:enumeration value="deleted_account" />
      <xs:enumeration value="invalid" />
      <xs:enumeration value="unknown" />
      <xs:enumeration value="computer" />
    </xs:restriction>
  </xs:simpleType>

  <!-- Global elements used as the children of NT_Sid. -->
  <xs:element name="display_name" type="xs:string" />
  <xs:element name="ad_object_guid" type="S:guid" />
  <xs:element name="type" type="S:type_string" />
  <xs:element name="nt4_compatible_name" type="xs:string" />
  <!-- string_sid is a plain xs:string with no pattern: schema validation does
       not check SID syntax, so the consumer has to parse and validate the
       value itself before using it. -->
  <xs:element name="string_sid" type="xs:string" />

  <!-- Identity of a security principal. Every child is optional
       (minOccurs="0"), so an element of this type with no children at all is
       schema-valid; the children that are present must appear in the order
       listed here.
       NOTE(review): the schema does not say which child identifies the
       principal when several are present, nor what a consumer should do when
       string_sid is missing. Confirm against the processing rules before
       resolving a principal from display_name or nt4_compatible_name. -->
  <xs:complexType name="NT_Sid">
    <xs:sequence>
      <xs:element minOccurs="0" ref="S:string_sid" />
      <xs:element minOccurs="0" ref="S:type" />
      <xs:element minOccurs="0" ref="S:nt4_compatible_name" />
      <xs:element minOccurs="0" ref="S:ad_object_guid" />
      <xs:element minOccurs="0" ref="S:display_name" />
    </xs:sequence>
  </xs:complexType>

  <!-- Wrapper type holding exactly one sid child of type NT_Sid. It is the
       base type of owner and primary_group below. -->
  <xs:complexType name="sid">
    <xs:sequence>
      <xs:element name="sid" type="S:NT_Sid" />
    </xs:sequence>
  </xs:complexType>

  <!-- Access mask carried as hexadecimal text.
       The length facets of xs:hexBinary count octets, not hex characters, so
       minLength 1 / maxLength 8 admits 1 to 8 bytes (2 to 16 hex digits) and
       rejects an odd number of digits.
       NOTE(review): if the value is meant to be a 32-bit access mask (as
       ACCESS_MASK is in [MS-DTYP]), the schema alone does not enforce that
       width; a consumer should bound-check the decoded value instead of
       truncating it. -->
  <xs:element name="access_mask">
    <xs:simpleType>
      <xs:restriction base="xs:hexBinary">
        <xs:minLength value="1" />
        <xs:maxLength value="8" />
      </xs:restriction>
    </xs:simpleType>
  </xs:element>

  <!-- One access control entry: a required access_mask followed by a required
       sid. The inherited attribute is optional. Because NT_Sid allows an
       empty sid, a schema-valid ACE can still lack any usable principal. -->
  <xs:complexType name="ace_T">
    <xs:sequence>
      <xs:element ref="S:access_mask" />
      <xs:element name="sid" type="S:NT_Sid" />
    </xs:sequence>
    <xs:attribute name="inherited" type="S:bool" />
  </xs:complexType>

  <!-- ace_T plus the optional no_propagate_inherit attribute. -->
  <xs:complexType name="inheritable_ace_T">
    <xs:complexContent mixed="false">
      <xs:extension base="S:ace_T">
        <xs:attribute name="no_propagate_inherit" type="S:bool" />
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- List of ACEs grouped by kind. The sequence fixes the serialisation
       order: all access_allowed_ace entries, then all access_denied_ace
       entries, then all system_audit_ace entries. Each group may be empty and
       has no upper bound.
       NOTE(review): this is document order only. The schema states nothing
       about evaluation precedence between allow and deny entries; do not
       derive precedence from element position without checking the
       processing rules. A consumer should also cap the number of entries it
       accepts, since maxOccurs is unbounded. -->
  <xs:complexType name="aces">
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:ace_T" />
    </xs:sequence>
  </xs:complexType>

  <!-- Same grouping and order as aces, with entries of type
       inheritable_ace_T. -->
  <xs:complexType name="inheritable_aces">
    <xs:sequence>
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:inheritable_ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:inheritable_ace_T" />
      <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:inheritable_ace_T" />
    </xs:sequence>
  </xs:complexType>

  <xs:element name="revision" type="xs:unsignedInt" />

  <!-- Access control list. xs:all with minOccurs="0" and children that keep
       the default minOccurs of 1 means: either the element is empty, or it
       holds revision, effective_aces, subcontainer_inheritable_aces and
       subitem_inheritable_aces exactly once each, in any order. -->
  <xs:complexType name="acl">
    <xs:all minOccurs="0">
      <xs:element ref="S:revision" />
      <xs:element name="effective_aces" type="S:aces" />
      <xs:element name="subcontainer_inheritable_aces" type="S:inheritable_aces" />
      <xs:element name="subitem_inheritable_aces" type="S:inheritable_aces" />
    </xs:all>
  </xs:complexType>

  <!-- The three audit lists carried inside sacl; each is a full acl. -->
  <xs:element name="audit_always" type="S:acl" />
  <xs:element name="audit_on_failure" type="S:acl" />
  <xs:element name="audit_on_success" type="S:acl" />

  <!-- System ACL: revision, audit_always, audit_on_failure and
       audit_on_success are all required and must appear in this order. The
       defaulted, protected and autoinherited attributes are optional. -->
  <xs:element name="sacl">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="S:revision" />
        <xs:element ref="S:audit_always" />
        <xs:element ref="S:audit_on_failure" />
        <xs:element ref="S:audit_on_success" />
      </xs:sequence>
      <xs:attribute name="defaulted" type="S:bool" />
      <xs:attribute name="protected" type="S:bool" />
      <xs:attribute name="autoinherited" type="S:bool" />
    </xs:complexType>
  </xs:element>

  <!-- Discretionary ACL: the acl type plus the optional defaulted, protected
       and autoinherited attributes.
       NOTE(review): because acl may be empty, a dacl element with no children
       is schema-valid. What an empty dacl means for access is not stated by
       the schema; confirm against the processing rules and treat that case
       explicitly when applying a PROPPATCH. -->
  <xs:element name="dacl">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:acl">
          <xs:attribute name="defaulted" type="S:bool" />
          <xs:attribute name="protected" type="S:bool" />
          <xs:attribute name="autoinherited" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- Primary group: one sid child, plus the optional defaulted attribute. -->
  <xs:element name="primary_group">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:sid">
          <xs:attribute name="defaulted" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- Owner: one sid child, plus the optional defaulted attribute. -->
  <xs:element name="owner">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="S:sid">
          <xs:attribute name="defaulted" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>

  <!-- The security descriptor element. Its content model comes from
       D:microsoft.security_descriptor (second schema below); this extension
       only adds the optional from_mapi_tlh attribute. -->
  <xs:element name="security_descriptor">
    <xs:complexType>
      <xs:complexContent mixed="false">
        <xs:extension base="D:microsoft.security_descriptor">
          <xs:attribute name="from_mapi_tlh" type="S:bool" />
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>

<!-- The base microsoft security descriptor.
     xs:all with minOccurs="0": as written, the content is either empty or
     holds revision, owner, primary_group, dacl and sacl exactly once each, in
     any order.
     NOTE(review): confirm against real messages whether all five children are
     always sent together before rejecting documents on strict validation. -->
<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:complexType name="microsoft.security_descriptor">
    <xs:all minOccurs="0">
      <xs:element ref="S:revision" />
      <xs:element ref="S:owner" />
      <xs:element ref="S:primary_group" />
      <xs:element ref="S:dacl" />
      <xs:element ref="S:sacl" />
    </xs:all>
  </xs:complexType>
</xs:schema>

<!-- The schema of the actual descriptor property.
     This is the property that can be asked for via WebDAV (PROPFIND) and set
     via WebDAV (PROPPATCH). It contains exactly one S:security_descriptor. -->
<xs:schema xmlns:S="http://schemas.microsoft.com/security/"
           xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
           attributeFormDefault="qualified"
           elementFormDefault="qualified"
           targetNamespace= "http://schemas.microsoft.com/exchange/security/"
           xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="descriptor">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="S:security_descriptor" />
      </xs:sequence>
    </xs:complexType>
  </xs:element>
</xs:schema>