This documentation is archived and is not being maintained.

Exchange Security Tasks

EWS Managed API

Topic Last Modified: 2007-11-01

You can use a security descriptor to control access to an item and its properties. By using Exchange store security descriptors, you can do the following:

  • Both grant and deny a trustee access rights to an item and its properties.
  • Identify trustees who are using a Microsoft Windows security identifier (SID).
  • Set, retrieve, and modify the descriptor in XML format.
  • Access the descriptor by using both the Exchange OLE DB (ExOLEDB) provider and WebDAV in XML format.

The security descriptor for each item is accessed through the descriptor Field property of the item. This property is the descriptor for the item in XML format. The descriptor is physically stored and replicated in a Microsoft Exchange Server 2007-specific binary format, which is internally based on the standard Microsoft Windows Server operating systems descriptor format. The XML representation of the descriptor is not stored directly for the item. When you request this property for an item, the XML string is generated and then returned. When you set this property for an item, the XML string is parsed and the binary descriptor for the item is updated.