DOCUMENT:Q297493 13-MAY-2002 [exchange] TITLE :HOWTO: Modify Exchange Folder Permissions w/IExchangeModifyTable PRODUCT :Microsoft Exchange PROD/VER::1.0,5.5 OPER/SYS: KEYWORDS:kbMsg kbGrpDSMsg kbDSupport ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, version 5.5 - Microsoft Exchange 2000 Server - Microsoft Extended Messaging Application Programming Interface (MAPI), version 1.0 ------------------------------------------------------------------------------- SUMMARY ======= The private and public folder permissions for an Exchange server are stored in Access Control List (ACL) table objects which can be accessed using IExchangeModifyTable interface. This article demonstrates how to add, modify, or remove user permissions using this interface. MORE INFORMATION ================ You can use the IExchangeModifyTable::ModifyTable method to change user permissions for Exchange folders. ModifyTable takes a ROWLIST structure, which contains an array of ROWENTRY structures representing rows in the table and the operations performed on those rows. In the ROWENTRY structure, you must specify the operation to be performed in the ulRowFlags field. You must also specify an array of SPropValue structures representing the columns values to be inserted into the table. For example: - To add a user permission, set ulRowFlags to ROW_ADD, and specify PR_MEMBER_ENTRYID and PR_MEMBER_RIGHTS for SPropValue. - To modify a user permission, set ulRowFlags to ROW_MODIFY, and specify PR_MEMBER_ID and PR_MEMBER_RIGHTS for SPropValue. - To remove a user permission, set ulRowFlags to ROW_REMOVE, and specify PR_MEMBER_ID for SPropValue. Sample Code ----------- Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs. If you have limited programming experience, you may want to contact a Microsoft Certified Partner or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Partners, please visit the following Microsoft Web site: http://www.microsoft.com/partner/referral/ For more information about the support options that are available and about how to contact Microsoft, visit the following Microsoft Web site: http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS To run the sample code, follow these steps: 1. Using the Win32 Console Application AppWizard, create a new empty project and name it "ModifyTable". 2. Add a new C++ source file to the project and name it "ModifyTable.cpp". 3. Paste the following code into ModifyTable.cpp. #include #include #include "edk.h" typedef enum ACLRIGHTS { RIGHTS_EDIT_OWN = 0x8, RIGHTS_EDIT_ALL = 0x20, RIGHTS_DELETE_OWN = 0x10, RIGHTS_DELETE_ALL = 0x40, RIGHTS_READ_ITEMS = 0x1, RIGHTS_CREATE_ITEMS = 0x2, RIGHTS_CREATE_SUBFOLDERS = 0x80, RIGHTS_FOLDER_OWNER = 0x100, RIGHTS_FOLDER_CONTACT = 0x200, RIGHTS_FOLDER_VISIBLE = 0x400, RIGHTS_NONE = 0, ROLE_OWNER = 0x5e3, ROLE_PUBLISH_EDITOR = 0x4e3, ROLE_EDITOR = 0x463, ROLE_PUBLISH_AUTHOR = 0x49b, ROLE_AUTHOR = 0x41b, ROLE_NONEDITING_AUTHOR = 0x413, ROLE_REVIEWER = 0x401, ROLE_CONTRIBUTOR = 0x402, ROLE_NONE = 0x400 } ACLRIGHTS; enum { ePR_MEMBER_ENTRYID, ePR_MEMBER_RIGHTS, ePR_MEMBER_ID, ePR_MEMBER_NAME, NUM_COLS }; SizedSPropTagArray(NUM_COLS, rgPropTag) = { NUM_COLS, { PR_MEMBER_ENTRYID, // Unique across directory. PR_MEMBER_RIGHTS, PR_MEMBER_ID, // Unique within ACL table. PR_MEMBER_NAME, // Display name. } }; STDMETHODIMP AddUserPermission( LPSTR szUserAlias, LPMAPISESSION lpSession, LPEXCHANGEMODIFYTABLE lpExchModTbl, ACLRIGHTS frights); STDMETHODIMP ModifyUserPermission( LPSTR szDisplayName, LPEXCHANGEMODIFYTABLE lpExchModTbl, ACLRIGHTS frights); STDMETHODIMP RemoveUserPermission( LPSTR szDisplayName, LPEXCHANGEMODIFYTABLE lpExchModTbl); void main() { HRESULT hr = NULL; LPMAPISESSION lpSession = NULL; LPMDB lpPubStore = NULL; LPMAPIFOLDER lpPubFolder = NULL; LPMAPIFOLDER lpMyFolder = NULL; LPEXCHANGEMODIFYTABLE lpExchModTbl= NULL; hr = MAPIInitialize(NULL); if (FAILED(hr)) return; hr = MAPILogonEx(0, NULL, NULL, MAPI_LOGON_UI | MAPI_NEW_SESSION, &lpSession); if (FAILED(hr)) goto cleanup0; // Open public folder store. hr = HrOpenExchangePublicStore(lpSession, &lpPubStore); if (FAILED(hr)) goto cleanup; // Open all public folders. hr = HrOpenExchangePublicFolders(lpPubStore, &lpPubFolder); if (FAILED(hr)) goto cleanup; // Replace with your public folder name. hr = HrMAPIOpenSubfolderEx(lpPubFolder, '\\', "\\MyFolder", &lpMyFolder); if (FAILED(hr)) goto cleanup; hr = lpMyFolder->OpenProperty(PR_ACL_TABLE, &IID_IExchangeModifyTable, 0, MAPI_DEFERRED_ERRORS, (LPUNKNOWN*)&lpExchModTbl); if(FAILED(hr)) goto cleanup; // Replace first parameter with user alias. // Add user with publishing author rights. hr = AddUserPermission( "userone", lpSession, lpExchModTbl, ROLE_PUBLISH_AUTHOR); // Replace first parameter with user display name. // Modify user to have reviewer rights. hr = ModifyUserPermission( "User One", lpExchModTbl, ROLE_REVIEWER); // Replace first parameter with user display name. // Remove user rights. hr = RemoveUserPermission( "User One", lpExchModTbl); cleanup: if (lpExchModTbl) lpExchModTbl->Release(); if (lpMyFolder) lpMyFolder->Release(); if (lpPubFolder) lpPubFolder->Release(); if (lpPubStore) lpPubStore->Release(); lpSession->Logoff(0, MAPI_LOGOFF_UI, 0); lpSession->Release(); cleanup0: MAPIUninitialize(); return; } STDMETHODIMP AddUserPermission( LPSTR szUserAlias, LPMAPISESSION lpSession, LPEXCHANGEMODIFYTABLE lpExchModTbl, ACLRIGHTS frights) { HRESULT hr = S_OK; LPADRBOOK lpAdrBook; ULONG cbEid; LPENTRYID lpEid = NULL; SPropValue prop[2] = {0}; ROWLIST rowList = {0}; char szExName[MAX_PATH]; // Replace with "/o=OrganizationName/ou=SiteName/cn=Recipients/cn=" char* szServerDN = "/o=org/ou=site/cn=Recipients/cn="; strcpy(szExName, szServerDN); strcat(szExName, szUserAlias); // Open the address book. hr = lpSession->OpenAddressBook(0, 0, MAPI_ACCESS_MODIFY, &lpAdrBook ); if ( FAILED( hr ) ) goto cleanup; // Obtain the entry ID for the recipient. hr = HrCreateDirEntryIdEx(lpAdrBook, szExName, &cbEid, &lpEid); if ( FAILED( hr ) ) goto cleanup; prop[0].ulPropTag = PR_MEMBER_ENTRYID; prop[0].Value.bin.cb = cbEid; prop[0].Value.bin.lpb = (BYTE*)lpEid; prop[1].ulPropTag = PR_MEMBER_RIGHTS; prop[1].Value.l = frights; rowList.cEntries = 1; rowList.aEntries->ulRowFlags = ROW_ADD; rowList.aEntries->cValues = 2; rowList.aEntries->rgPropVals = &prop[0]; hr = lpExchModTbl->ModifyTable(0, &rowList); if(FAILED(hr)) goto cleanup; printf("Added user permission. \n"); cleanup: if (lpAdrBook) lpAdrBook->Release(); return hr; } STDMETHODIMP ModifyUserPermission( LPSTR szDisplayName, LPEXCHANGEMODIFYTABLE lpExchModTbl, ACLRIGHTS frights) { HRESULT hr = S_OK; LPMAPITABLE lpMapiTbl = NULL; ULONG ulFlagsTable = 0; ULONG lpulCount = NULL; LPSRowSet pRows = NULL; UINT i = 0; SPropValue prop[2] = {0}; ROWLIST rowList = {0}; BOOLEAN bFound = false; // Retrieve MAPI table. hr = lpExchModTbl->GetTable(0, &lpMapiTbl); if (FAILED(hr)) goto cleanup; hr = lpMapiTbl->GetRowCount(ulFlagsTable, &lpulCount); if (FAILED(hr)) goto cleanup; hr = lpMapiTbl->SetColumns((LPSPropTagArray)&rgPropTag, 0 ); if (FAILED(hr)) goto cleanup; hr = HrQueryAllRows(lpMapiTbl, NULL, NULL, NULL, lpulCount, &pRows); if (FAILED(hr)) goto cleanup; for (i = 0; i < pRows -> cRows; i++) { if(PR_MEMBER_NAME == pRows ->aRow[i].lpProps[ePR_MEMBER_NAME].ulPropTag) { if (!strcmp(pRows -> aRow[i].lpProps[ePR_MEMBER_NAME].Value.lpszA, szDisplayName)) { bFound = true; if (PR_MEMBER_ID == pRows -> aRow[i].lpProps[ePR_MEMBER_ID].ulPropTag) { prop[0].ulPropTag = PR_MEMBER_ID; prop[0].Value.bin.cb = pRows -> aRow[i].lpProps[ePR_MEMBER_ID].Value.bin.cb; prop[0].Value.bin.lpb = (BYTE*)pRows -> aRow[i].lpProps[ePR_MEMBER_ID].Value.bin.lpb; prop[1].ulPropTag = PR_MEMBER_RIGHTS; prop[1].Value.l = frights; rowList.cEntries = 1; rowList.aEntries->ulRowFlags = ROW_MODIFY; rowList.aEntries->cValues = 2; rowList.aEntries->rgPropVals = &prop[0]; hr = lpExchModTbl->ModifyTable(0, &rowList); if(FAILED(hr)) goto cleanup; printf("Modified user permission.\n"); } } } } if (!bFound) printf("User not there, no need to modify ...\n"); cleanup: if (lpMapiTbl) lpMapiTbl->Release(); if (pRows) FreeProws(pRows); return hr; } STDMETHODIMP RemoveUserPermission( LPSTR szDisplayName, LPEXCHANGEMODIFYTABLE lpExchModTbl) { HRESULT hr = S_OK; LPMAPITABLE lpMapiTbl = NULL; ULONG ulFlagsTable = 0; ULONG lpulCount = NULL; LPSRowSet pRows = NULL; UINT i = 0; SPropValue prop[1] = {0}; ROWLIST rowList = {0}; BOOLEAN bFound = false; // Retrieve MAPI table. hr = lpExchModTbl->GetTable(0, &lpMapiTbl); if (FAILED(hr)) goto cleanup; hr = lpMapiTbl->GetRowCount(ulFlagsTable, &lpulCount); if (FAILED(hr)) goto cleanup; hr = lpMapiTbl->SetColumns((LPSPropTagArray)&rgPropTag, 0 ); if (FAILED(hr)) goto cleanup; hr = HrQueryAllRows(lpMapiTbl, NULL, NULL, NULL, lpulCount, &pRows); if (FAILED(hr)) goto cleanup; for (i = 0; i < pRows -> cRows; i++) { if(PR_MEMBER_NAME == pRows -> aRow[i].lpProps[ePR_MEMBER_NAME].ulPropTag) { if (!strcmp(pRows -> aRow[i].lpProps[ePR_MEMBER_NAME].Value.lpszA, szDisplayName)) { printf("Found User to remove\n"); bFound = true; if (PR_MEMBER_ID == pRows -> aRow[i].lpProps[ePR_MEMBER_ID].ulPropTag) { prop[0].ulPropTag = PR_MEMBER_ID; prop[0].Value.bin.cb = pRows -> aRow[i].lpProps[ePR_MEMBER_ID].Value.bin.cb; prop[0].Value.bin.lpb = (BYTE*)pRows -> aRow[i].lpProps[ePR_MEMBER_ID].Value.bin.lpb; rowList.cEntries = 1; rowList.aEntries->ulRowFlags = ROW_REMOVE; rowList.aEntries->cValues = 1; rowList.aEntries->rgPropVals = &prop[0]; hr = lpExchModTbl->ModifyTable(0, &rowList); if(FAILED(hr)) goto cleanup; printf("Removed user permission. \n"); } } } } if (!bFound) printf("User not there, no need to remove. \n"); cleanup: if (lpMapiTbl) lpMapiTbl->Release(); if (pRows) FreeProws(pRows); return hr; } 4. In the main function, replace MyFolder with your public folder name under All Public Folders. 5. In the main function, replace the first parameter to the AddUserPermission call with a user alias for which you want to add permission, and replace the first parameter to both the ModifyPermission and RemovePermission calls with the user's display name. 6. In the AddUserPermission function, replace szServerDN to reflect your Exchange organization name and site name. 7. On the Project menu, click Settings, and then click the Link tab. In Object/Library Modules, add edkutils.lib exchsdk.lib mapi32.lib msvcrt.lib kernel32.lib version.lib user32.lib and advapi32.lib. Click to select Ignore all default libraries. 8. Compile and then build the project. 9. Put breakpoints on the AddUserPermission, ModifyPermission, and RemovePermission calls in the main function. 10. Press F5 to start debugging, and choose the profile name when prompted. 11. Press F10 when the first breakpoint is reached. Check the folder permission from Microsoft Outlook to verify that the user permission is added with "Publishing Author" permission. 12. Press F10 again, and verify that the user's permission is changed to "Reviewer". 13. Press F10 again, and verify that the user's permission is removed. Additional query words: IExchangeModifyTable ModifyTable ====================================================================== Keywords : kbMsg kbGrpDSMsg kbDSupport Technology : kbAudDeveloper kbMAPISearch kbExchangeSearch kbExchange550 kbZNotKeyword kbZNotKeyword2 kbExchange2000Search kbExchange2000Serv kbMAPIExt Version : :1.0,5.5 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.