4.2 Setting the Security Descriptor Property
To set the security descriptor property by using the PROPPATCH method, as specified in [RFC2518], the WebDAV request XML can look like the following.
-
<?xml version='1.0'?> <d:descriptor xmlns:d='http://schemas.microsoft.com/exchange/security/'> <S:security_descriptor xmlns:data='urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/' data:dt='microsoft.security_descriptor'> <S:dacl xmlns:S="http://schemas.microsoft.com/security/" S:defaulted="0" S:protected="0" S:autoinherited="0"> <S:effective_aces> <S:access_allowed_ace> <S:access_mask>1f0fbf</S:access_mask> <S:sid> <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-500</S:string_sid> </S:sid> </S:access_allowed_ace> <S:access_allowed_ace> <S:access_mask>1f0fbf</S:access_mask> <S:sid> <S:string_sid>S-1-5-7</S:string_sid> </S:sid> </S:access_allowed_ace> <S:access_allowed_ace> <S:access_mask>1208a9</S:access_mask> <S:sid> <S:ad_object_guid>{9F4AC28A-2FD0-475E-9736-A9AF92E6612F}</S:ad_object_guid> </S:sid> </S:access_allowed_ace> <S:access_allowed_ace> <S:access_mask>1200a9</S:access_mask> <S:sid> <S:string_sid>S-1-1-0</S:string_sid> </S:sid> </S:access_allowed_ace> <S:access_denied_ace> <S:access_mask>d0f16</S:access_mask> <S:sid> <S:string_sid>S-1-1-0</S:string_sid> </S:sid> </S:access_denied_ace> </S:effective_aces> <S:subcontainer_inheritable_aces> <S:access_allowed_ace> <S:access_mask>1208a9</S:access_mask> <S:sid> <S:ad_object_guid>{9F4AC28A-2FD0-475E-9736-A9AF92E6612F}</S:ad_object_guid> </S:sid> </S:access_allowed_ace> </S:subcontainer_inheritable_aces> <S:subitem_inheritable_aces> <S:access_allowed_ace> <S:access_mask>1208a9</S:access_mask> <S:sid> <S:ad_object_guid>{9F4AC28A-2FD0-475E-9736-A9AF92E6612F}</S:ad_object_guid> </S:sid> </S:access_allowed_ace> </S:subitem_inheritable_aces> </S:dacl> </S:security_descriptor> </d:descriptor>