How can mailbox rights be read via SPML?
“edsaUserMailboxSecurityDescriptorSddl” is a new attribute added to the Active Roles 7.3.1 schema.
WORKAROUND:
Active Roles v7.3.1 SPML does not support reading the attribute “edsaUserMailboxSecurityDescriptorSddl”. However, the value of “edsaUserMailboxSecurityDescriptorSddl” can be set through SPML in “sddl” format and then verified through the Active Roles MMC console and the Active Roles Web interface.
1.- Set the attribute “edsaUserMailboxSecurityDescriptorSddl” value through SPML in “sddl” format as shown here.
2.- Verify through Active Roles MMC console and Active Roles Web interface:
O:PSG:PSD:AI(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3772)(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3773)
For the user's SID value "S-1-5-21-2064067869-2662360268-1970296196-3772", Read permission is granted on the mailbox. Finally, the value "A;CI;RC" states the permission details.
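Because the attribute cannot be read back over SPML, it helps to decode an SDDL value offline and confirm which SIDs it grants rights to before setting it. The following is an added example, not One Identity code: the function names `parse_sddl` and `rights_for` are hypothetical, the token tables cover only a subset of standard SDDL, and the input is the value quoted above.

```python
import re

# Standard SDDL tokens; only the subset needed for descriptors like the one above.
ACE_TYPES = {"A": "ALLOW", "D": "DENY"}
ACE_FLAGS = {"CI": "CONTAINER_INHERIT", "OI": "OBJECT_INHERIT",
             "IO": "INHERIT_ONLY", "NP": "NO_PROPAGATE", "ID": "INHERITED"}
RIGHTS = {"RC": "READ_CONTROL", "SD": "DELETE", "WD": "WRITE_DAC",
          "WO": "WRITE_OWNER", "CC": "CREATE_CHILD"}
DACL_FLAGS = {"P": "PROTECTED", "AI": "AUTO_INHERITED", "AR": "AUTO_INHERIT_REQ"}
SDDL_RE = re.compile(r"(?:O:(?P<owner>.+?))?(?:G:(?P<group>.+?))?"
                     r"D:(?P<dflags>[A-Z]*)(?P<aces>(?:\([^()]*\))*)")

def _pairs(text, table):
    """Decode a run of two-letter tokens; a hex mask or unknown token is kept verbatim."""
    if text.lower().startswith("0x"):
        return [text]
    return [table.get(text[i:i + 2], text[i:i + 2]) for i in range(0, len(text), 2)]

def parse_sddl(sddl):
    """Return owner, group, DACL flags and a list of decoded ACEs."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if not m:
        raise ValueError("not a supported SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m["aces"]):
        fields = body.split(";")
        if len(fields) != 6:  # type;flags;rights;object;inherit_object;trustee
            raise ValueError(f"expected 6 ACE fields, got {len(fields)}: {body!r}")
        ace_type, flags, rights, _obj, _inherit_obj, trustee = fields
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type),
                     "flags": _pairs(flags, ACE_FLAGS),
                     "rights": _pairs(rights, RIGHTS),
                     "trustee": trustee.strip()})
    dflags = [DACL_FLAGS[t] for t in re.findall(r"AI|AR|P", m["dflags"])]
    return {"owner": m["owner"], "group": m["group"], "dacl_flags": dflags, "aces": aces}

def rights_for(sddl, sid):
    """List (type, right) pairs that the DACL carries for one trustee SID."""
    return [(a["type"], r) for a in parse_sddl(sddl)["aces"]
            if a["trustee"] == sid for r in a["rights"]]

# Value quoted on this page.
PAGE_SDDL = ("O:PSG:PSD:AI"
             "(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3772)"
             "(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3773)")

if __name__ == "__main__":
    for ace in parse_sddl(PAGE_SDDL)["aces"]:
        print(ace["trustee"], ace["type"], ace["rights"], ace["flags"])
```

Running the decoder over a candidate value and comparing the trustee list against the intended SIDs catches a mistyped SID or an unexpected right before the value is written.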
On a side note, below is a sample that removes permissions from a mailbox via SPML: