System Audit Control Lists XML Elements

Exchange Server 2003

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

In a system access control list (ACL), the sacl XML element can contain the elements revision, audit_always, audit_on_success, and audit_on_failure. The following table lists the content models for these elements.

Element name Child elements or contents
sacl Attributes: defaulted ="boolean" protected ="boolean" autointerhited="boolean" revision? audit_always audit_on_failure audit_on_success
revision String. A revision for the SACL; for example, "2".
audit_always revision effective_aces subitem_inheritable_aces subcontainer_inheritable_aces
audit_on_failure revision effective_aces subitem_inheritable_aces subcontainer_inheritable_aces
audit_on_success revision? effective_aces subitem_inheritable_aces subcontainer_inheritable_aces
system_audit_ace Attributes: inherited =boolean (no_propagate_inherit=boolean)* access_mask sid
system_audit_object_ace Attributes: inherited =boolean (no_propagate_inherit=boolean)* (inherited_object_type=GUID)* access_mask sid (object_type | property_name)
access_mask A hexadecimal number in string format; for example, "1fc9ff". This number is the 32-bit access mask for the access control entry (ACE).
sid See Security Identifiers in XML.
object_type A globally unique identifier (GUID) in standard string format. The GUID or the name identifies the property to which this ACE applies.
property_name The name of the property. For example, urn:schemas:mailheader:from.

*Denotes attributes present in inheritable ACEs. These entries are present in the subcontainer_inheritable_aces and subitem_inheritable_aces elements.

