Security in an Event Sink
Topic Last Modified: 2006-06-12
Synchronous events can obtain an OLE DB session object from the IExStoreEventInfo Interface that is passed to the method that handles the event in the sink. This opens a session that is logged on as the user who caused the event to occur. Therefore, the event sink has access to the event item, the mailbox, or the public folder in which the event occurred, and to any items in the store in which the event occurred that the logon account has access to.
|Logon sessions are scoped such that an event sink cannot access more than one store. For example, a synchronous event sink handling an item in a public folder does not have access to the mailbox of the user who caused the event.|
The OnTimer event does not have context or scope.
An event sink that could be used improperly or that could cause problems if registered in certain folders should implement the ICreateRegistration Interface. The ICreateRegistration Interface allows you to programmatically deny event registration requests or to respond to an event registration item when it is modified, moved, copied, or replicated.