EWS Get / Read Folder Permissions RRS feed

  • Question


    Anyone know how to update correctly or overwrite folder permissions using the managed api? I know there's an update, but if the permission(s) already exist it returns an error. Is there a way to force overwrite? ANd/Or also, get and outut all the existing permission on the folder? - thanks!

    FolderId id = new FolderId(WellKnownFolderName.Calendar, mailbox);
    Folder calfld = Folder.Bind(service, id);
    UserId user = new UserId();
    user.PrimarySmtpAddress = "";
    FolderPermission fldperm = new FolderPermission(user, FolderPermissionLevel.Author);
    Friday, March 11, 2011 11:02 AM

All replies

  • If you want to update the permission you should first loop though the existing folder permissions and if you find the user your trying to add change the existing permission of that user or remove them and re-add the new permission which is generally easier. When your using the updatefolder operation you are overwriting the permissions if you getting an error you not doing it correctly eg you trying to write a DACL with two ACE's for the same user if you haven't first enumerated it. 


    Monday, March 14, 2011 3:07 AM
  • hmm interesting but i'm not yet sure i believe you, i want to though ! I've found that if you want to force overwirite an ACE (one only) on the DACL using the Update, this always reports a duplicate user id, so it read that the user already existing o nthe DACL list and refuses it to be written.

    if you know how to force overwrite a permission i'd love to know! Right now i'm as you say, looping through to check if the permission already exists and if not writing it, but i'd like to overwrite if it does already exist.



    Sunday, March 20, 2011 6:15 PM
  • When you update rights using EWS you allways work with the whole DACL its up to you on the client side to ensure you not submitting a DACL with the multiple ACE's for a particular user. You can look at it as a replace rather then update. Basically it requires that you write you own client side logic to do all the hard work.


    Monday, March 21, 2011 2:15 AM
  • thanks for the information,  i understand now..


    I saw the information on your website regarding the msExchRecipientDisplayType attribute, took me hours of assuming there was a code problem until i found your site!

    Thanks again


    Monday, March 21, 2011 12:13 PM
  • actually i do have one question more!!! i'm removing and re-adding permissions on multiple mailboxes as some have say editor when they need publishin editor, for example, but it's just so slow at removing permissions. WOuld you mind giving me your opinion on the following please, i must be doing something stupid, i knwo it is a big task to run on each folder of the mailbox but i'd expect it to be a bit faster you know...thanks for nay help


    foreach (Folder strfolder in findfolders)
                          List<string> PermissionsList = new List<string>();
                          FolderId folderid = strfolder.Id;
                          Folder folder = Folder.Bind(service, folderid);
                          bool removedperm = false;
                          if (folder.Permissions.Count != 0)
                            for (int t = 0; t < folder.Permissions.Count; t++)
                              if (folder.Permissions[t].UserId.DisplayName != null || folder.Permissions[t].UserId.PrimarySmtpAddress != null)
                                if (folder.Permissions[t].UserId.PrimarySmtpAddress.ToLower() == strtargetacladdress.ToLower())
                                  removedperm = true;
                          if (!PermissionsList.Contains(strtargetacladdress.ToLower()) || (removedperm == true))
                            FolderPermission fldperm = new FolderPermission(user, FolderPermissionLevel.Owner);


    Wednesday, March 23, 2011 12:11 PM
  • You should really only be updating the DACL once for every folder your going to change in terms of the requests that's going to mean one request to get the folder permissions and one request to update them you can't batch these operations like you can with Item operations so it hard to increase performance that way. You should debug the code yourself and see where the time is being taken eg are you making multiple update calls on a folder etc. If you enable tracing you can see the request going to and from the server and see the amount of time its taking.


    Thursday, March 24, 2011 9:29 AM