Share via

Exchange 2007 Provider::GetMailboxPermission

  • Article

This method retrieves the current permissions for users or groups to the Specified Mailbox.

Arguments

Input Arguments Required Description

<preferredDomainController>

Yes

This parameter specifies a unique name for the accepted domain object.

<user>

No

This parameter specifies a user whose assigned permissions to this mailbox will be retrieved. It cannot be used with the 'owner' parameter.

<owner>

No

This parameter cannot be used with the 'user' parameter.

<path>

Yes

A valid Lightweight directory access protocol (LDAP) path of an existing mailbox.
Output Arguments Description

<permissions>

The collection of Mailbox permissions.

<permissions/ permission>

The details of a permission associated with a Mailbox.

<permissions/ permission/ identity>

The Active Directory Object ID or a string that represents the GUID, distinguished name, domain or account, user principal name (UPN), legacy Exchange distinguished name, Simple Mail Transfer Protocol (SMTP) address, or alias.

<permissions/ permission/ user>

This parameter specifies the user associated with the permission item.

<permissions/ permission/ owner>

The owner.

<permissions/ permission/ deny>

Deny permissions to the mailbox for the specified user.

<permissions/ permission/ isInherited>

This parameter indicates if access right is inherited.

<permissions/ permission/ isValid>

This parameter indicates whether the Ace Presentation Object is valid.

<permissions/ permission/ inheritanceType>

This parameter specifies whether permissions are inherited to folders within the mailbox. Enum

  • None

  • All

  • Descendents

  • SelfAndChildren

  • Children

<permissions/ permission/ accessRights>

The collection for access rights.

<permissions/ permission/ accessRights/ value>

This parameter specifies the rights applied to the mailbox. Enum

  • ChangeOwner

  • ChangePermission

  • DeleteItem

  • ExternalAccount

  • FullAccess

  • ReadPermission

Remarks

Security

Rollback Method: Not implemented

The caller must be at least a member of the role: userCreators.

Sample Code

Example XML Request

<request> 
  <data> 
    <!--The domain controller to use for Active Directory actions.--> 
    <preferredDomainController>AD01.Fabrikam.Com</preferredDomainController> 
    <!--The LDAP path of an existing mailbox.--> 
    <path>LDAP://CN=kima@AlpineSkiHouse.com,OU=AlpineSkiHouse,OU=ConsolidatedMessenger,OU=Hosting,DC=Fabrikam,DC=Com</path> 
    <!--Cannot be used with "user" parameter.--> 
    <owner>false</owner> 
    <!--Specifies a user whose assigned permissions to this mailbox will be retrieved.  Cannot be used with "owner" parameter.--> 
    <user>LDAP://CN=johnc@AlpineSkiHouse.com,OU=AlpineSkiHouse,OU=ConsolidatedMessenger,OU=Hosting,DC=Fabrikam,DC=Com</user> 
  </data> 
  <procedure> 
    <execute namespace="Exchange 2007 Provider" procedure="GetMailboxPermission" impersonate="1"> 
      <before source="data" sourcePath="preferredDomainController" destination="executeData" mode="move" /> 
      <before source="data" sourcePath="path" destination="executeData" mode="move" /> 
      <before source="data" sourcePath="owner" destination="executeData" mode="move" /> 
      <before source="data" sourcePath="user" destination="executeData" mode="move" /> 
      <after source="executeData" destination="data" mode="merge" /> 
    </execute> 
  </procedure> 
</request>

Example XML Response

<response> 
  <data> 
    <!--Collection of Mailbox permissions.--> 
    <permissions> 
      <!--Details of a permission associated with a Mailbox.--> 
      <permission> 
        <!--The Active Directory Object ID or a string that represents the GUID, distinguished name, domain or account, user principal name (UPN), legacy Exchange distinguished name, Simple Mail Transfer Protocol (SMTP) address, or alias.--> 
        <identity>LDAP://CN=johnc@AlpineSkiHouse.com,OU=AlpineSkiHouse,OU=ConsolidatedMessenger,OU=Hosting,DC=Fabrikam,DC=Com</identity> 
        <!--Specifies the user assciated with the permission item.--> 
        <user>LDAP://CN=kima@AlpineSkiHouse.com,OU=AlpineSkiHouse,OU=ConsolidatedMessenger,OU=Hosting,DC=Fabrikam,DC=Com</user> 
        <!--Owner.--> 
        <owner>NT AUTHORITY\SELF</owner> 
        <!--Deny permissions to the mailbox for the specified user.--> 
        <deny>false</deny> 
        <!--Indicates if access right is inherited.--> 
        <isInherited>false</isInherited> 
        <!--Indicates whether the Ace Presentation Object is valid.--> 
        <isValid>true</isValid> 
        <!--Specifies whether permissions are inherited to folders within the mailbox.--> 
        <inheritanceType>All</inheritanceType> 
        <!--Collection of Access Rights.--> 
        <accessRights> 
          <!--Specifies the rights applied to the mailbox.--> 
          <value>FullAccess</value> 
        </accessRights> 
      </permission> 
    </permissions> 
  </data> 
</response>

Applies To

Exchange 2007 Provider Namespace for:

  • Hosted Messaging and Collaboration version 4.5

  • Hosted Messaging and Collaboration version 4.0

See also

Tasks

Managed Email 2007::DeleteSMTPDomain
Hosted Email 2007::DeleteSMTPDomain
Hosted Email 2007::CreateConsumerVanityDomain
Hosted Email 2007::GetOrganizationDomains