System Audit Control Lists XML Elements
Exchange Server 2003
In a system access control list (ACL), the sacl XML element can contain the elements revision, audit_always, audit_on_success, and audit_on_failure. The following table lists the content models for these elements.
| Element name | Child elements or contents |
|---|---|
| sacl Attributes: defaulted ="boolean" protected ="boolean" autointerhited="boolean" | revision? audit_always audit_on_failure audit_on_success |
| revision | String. A revision for the SACL; for example, "2". |
| audit_always | revision effective_aces subitem_inheritable_aces subcontainer_inheritable_aces |
| audit_on_failure | revision effective_aces subitem_inheritable_aces subcontainer_inheritable_aces |
| audit_on_success | revision? effective_aces subitem_inheritable_aces subcontainer_inheritable_aces |
| system_audit_ace Attributes: inherited =boolean (no_propagate_inherit=boolean)* | access_mask sid |
| system_audit_object_ace Attributes: inherited =boolean (no_propagate_inherit=boolean)* (inherited_object_type=GUID)* | access_mask sid (object_type | property_name) |
| access_mask | A hexadecimal number in string format; for example, "1fc9ff". This number is the 32-bit access mask for the access control entry (ACE). |
| sid | See Security Identifiers in XML. |
| object_type | A globally unique identifier (GUID) in standard string format. The GUID or the name identifies the property to which this ACE applies. |
| property_name | The name of the property. For example, urn:schemas:mailheader:from. |
*Denotes attributes present in inheritable ACEs. These entries are present in the subcontainer_inheritable_aces and subitem_inheritable_aces elements.
