2.2 Message Syntax

The security descriptor property adds to the set of WebDAV properties, as specified in [RFC2518] section 13. The WebDAV Protocol Security Extensions use the PROPFIND and PROPPATCH WebDAV methods specified in [RFC2518] sections 8.1 and 8.2 to get and set this property. This property is an XML representation of a security descriptor. The type of this property is specified by using XML schema definition (XSD) grammar, as specified in [XMLSCHEMA1/2]. This property is represented by the descriptor XML element, which extends the security_descriptor element defined in the http://schemas.microsoft.com/security/ XML namespace. The XSD for this property is defined as follows.

 <?xml version="1.0" encoding="utf-8" ?>
 <xs:schema xmlns:S="http://schemas.microsoft.com/security/"
            xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
            attributeFormDefault="qualified"
            elementFormDefault="qualified"
            targetNamespace="http://schemas.microsoft.com/security/"
            xmlns:xs="http://www.w3.org/2001/XMLSchema">
  
   <!--  Bool is defined to be either 1 or 0 -->
   <xs:simpleType name="bool">
     <xs:restriction base="xs:boolean">
       <xs:pattern value="0|1" />
     </xs:restriction>
   </xs:simpleType>
  
   <!--  Globally Unique Identifier [MS-DTYP] -->
   <xs:simpleType name="guid">
     <xs:restriction base="xs:string">
       <xs:pattern value="\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}" />
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="type_string">
     <xs:restriction base="xs:string">
       <xs:enumeration value="user" />
       <xs:enumeration value="group" />
       <xs:enumeration value="domain" />
       <xs:enumeration value="alias" />
       <xs:enumeration value="well_known_group" />
       <xs:enumeration value="deleted_account" />
       <xs:enumeration value="invalid" />
       <xs:enumeration value="unknown" />
       <xs:enumeration value="computer" />
     </xs:restriction>
   </xs:simpleType>
  
   <xs:element name="display_name" type="xs:string" />
   <xs:element name="ad_object_guid" type="S:guid" />
   <xs:element name="type" type="S:type_string" />
   <xs:element name="nt4_compatible_name" type="xs:string" />
   <xs:element name="string_sid" type="xs:string" />
  
   <xs:complexType name="NT_Sid">
     <xs:sequence>
       <xs:element minOccurs="0" ref="S:string_sid" />
       <xs:element minOccurs="0" ref="S:type" />
       <xs:element minOccurs="0" ref="S:nt4_compatible_name" />
  
       <xs:element minOccurs="0" ref="S:ad_object_guid" />
       <xs:element minOccurs="0" ref="S:display_name" />
     </xs:sequence>
   </xs:complexType>
  
   <xs:complexType name="sid">
     <xs:sequence>
       <xs:element name="sid" type="S:NT_Sid" />
     </xs:sequence>
   </xs:complexType>
  
   <xs:element name="access_mask">
     <xs:simpleType>
       <xs:restriction base="xs:hexBinary">
         <xs:minLength value="1" />
         <xs:maxLength value="8" />
       </xs:restriction>
     </xs:simpleType>
   </xs:element>
  
   <xs:complexType name="ace_T">
     <xs:sequence>
       <xs:element ref="S:access_mask" />
       <xs:element name="sid" type="S:NT_Sid" />
     </xs:sequence>
     <xs:attribute name="inherited" type="S:bool" />
   </xs:complexType>
  
   <xs:complexType name="inheritable_ace_T">
     <xs:complexContent mixed="false">
       <xs:extension base="S:ace_T">
         <xs:attribute name="no_propagate_inherit" type="S:bool" />
       </xs:extension>
     </xs:complexContent>
   </xs:complexType>
  
   <xs:complexType name="aces">
     <xs:sequence>
       <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:ace_T" />
       <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:ace_T" />
       <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:ace_T" />
     </xs:sequence>
   </xs:complexType>
  
   <xs:complexType name="inheritable_aces">
     <xs:sequence>
       <xs:element minOccurs="0" maxOccurs="unbounded" name="access_allowed_ace" type="S:inheritable_ace_T" />
       <xs:element minOccurs="0" maxOccurs="unbounded" name="access_denied_ace" type="S:inheritable_ace_T" />
       <xs:element minOccurs="0" maxOccurs="unbounded" name="system_audit_ace" type="S:inheritable_ace_T" />
     </xs:sequence>
   </xs:complexType>
  
   <xs:element name="revision" type="xs:unsignedInt" />
  
   <xs:complexType name="acl">
     <xs:all minOccurs="0">
       <xs:element ref="S:revision" />
       <xs:element name="effective_aces" type="S:aces" />
       <xs:element name="subcontainer_inheritable_aces" type="S:inheritable_aces" />
       <xs:element name="subitem_inheritable_aces" type="S:inheritable_aces" />
     </xs:all>
   </xs:complexType>
  
   <xs:element name="audit_always" type="S:acl" />
   <xs:element name="audit_on_failure" type="S:acl" />
   <xs:element name="audit_on_success" type="S:acl" />
  
   <xs:element name="sacl">
     <xs:complexType>
       <xs:sequence>
         <xs:element ref="S:revision" />
         <xs:element ref="S:audit_always" />
         <xs:element ref="S:audit_on_failure" />
         <xs:element ref="S:audit_on_success" />
       </xs:sequence>
       <xs:attribute name="defaulted" type="S:bool" />
       <xs:attribute name="protected" type="S:bool" />
       <xs:attribute name="autoinherited" type="S:bool" />
     </xs:complexType>
   </xs:element>
  
   <xs:element name="dacl">
     <xs:complexType>
       <xs:complexContent mixed="false">
         <xs:extension base="S:acl">
           <xs:attribute name="defaulted" type="S:bool" />
           <xs:attribute name="protected" type="S:bool" />
           <xs:attribute name="autoinherited" type="S:bool" />
         </xs:extension>
       </xs:complexContent>
     </xs:complexType>
   </xs:element>
  
   <xs:element name="primary_group">
     <xs:complexType>
       <xs:complexContent mixed="false">
         <xs:extension base="S:sid">
           <xs:attribute name="defaulted" type="S:bool" />
         </xs:extension>
       </xs:complexContent>
     </xs:complexType>
   </xs:element>
  
   <xs:element name="owner">
     <xs:complexType>
       <xs:complexContent mixed="false">
         <xs:extension base="S:sid">
           <xs:attribute name="defaulted" type="S:bool" />
         </xs:extension>
       </xs:complexContent>
     </xs:complexType>
   </xs:element>
  
   <xs:element name="security_descriptor">
     <xs:complexType>
       <xs:complexContent mixed="false">
         <xs:extension base="D:microsoft.security_descriptor">
           <xs:attribute name="from_mapi_tlh" type="S:bool" />
         </xs:extension>
       </xs:complexContent>
     </xs:complexType>
   </xs:element>
 </xs:schema>
  
 <!--  The base microsoft security descriptor -->
 <xs:schema xmlns:S="http://schemas.microsoft.com/security/"
            xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
            attributeFormDefault="qualified"
            elementFormDefault="qualified"
            targetNamespace="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
            xmlns:xs="http://www.w3.org/2001/XMLSchema">
  
   <xs:complexType name="microsoft.security_descriptor">
     <xs:all minOccurs="0">
       <xs:element ref="S:revision" />
       <xs:element ref="S:owner" />
       <xs:element ref="S:primary_group" />
       <xs:element ref="S:dacl" />
       <xs:element ref="S:sacl" />
     </xs:all>
   </xs:complexType>
 </xs:schema>
  
 <!--  The schema of the actual descriptor property
       This is the property that can be asked for via WebDAV  -->
  
 <xs:schema xmlns:S="http://schemas.microsoft.com/security/"
            xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"
            attributeFormDefault="qualified"
            elementFormDefault="qualified"
            targetNamespace=
               "http://schemas.microsoft.com/exchange/security/"
            xmlns:xs="http://www.w3.org/2001/XMLSchema">
  
   <xs:element name="descriptor">
     <xs:complexType>
       <xs:sequence>
         <xs:element ref="S:security_descriptor" />
       </xs:sequence>
     </xs:complexType>
   </xs:element>
 </xs:schema>
Show: