-
Title
Read shared mailbox rights via SPML -
Description
The following One Identity article shows how to amend mailbox' rights:How can mailbox rights be read via SPML?.
-
Cause
Mailbox rights modification is supported in "Active Roles 7.3.1 SPML" only as it is implemented as part of a new release. It is ‘not supported' in Active Roles 7.2.1.“edsaUserMailboxSecurityDescriptorSddl” is a new attribute added to the Active Roles 7.3.1 schema.
-
Resolution
WORKAROUND:
Active Roles v7.3.1 SPML does not support to read attribute “edsaUserMailboxSecurityDescriptorSddl“. But attribute “edsaUserMailboxSecurityDescriptorSddl” value can be set through SPML in “sddl” format, then it can be verified through Active Roles MMC console and Active Roles Web interface.
1.- Set the attribute “edsaUserMailboxSecurityDescriptorSddl” value through SPML in “sddl” format as shown here.
2.- Verify through Active Roles MMC console and Active Roles Web interface:
Note: In our online documentation sample, two users whose SID is provided are assigned mailbox permission:O:PSG:PSD:AI(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3772)(A;CI;RC;;;S-1-5-21-2064067869-2662360268-1970296196-3773). For user's SID value of "S-1-5-21-2064067869-2662360268-1970296196-3772 ", Read permission are granted on the mailbox. Finally, value "A;CI;RC" states the permission details.
On a side note, see below a sample to remove permissions from a mailbox via SPML:
