none
SyncFolderItems returns ErrorAccessDenied when permissions are "Limited Details" or "Availability only" RRS feed

  • Question

  • I'm using the SyncFolderItems web service against an Office 365 account.

    I login to OWA as User A and share my primary calendar with User B.  When I share my calendar I can set the permission level to "Availability Only", "Limited Details", "Full Details", etc...

    Now, as User B I want to use EWS to sync the calendar events that User A shared.

    I call the SyncFolderItems web service as User B to get all the calendar events from User A using the SyncFolderId. 

    If User A selected "Full Details" for the permission level SyncFolderItems works flawlessly.  However, if User A selected "Limited Details" or "Availability Only" for the permission level the web service will return "ErrorAccessDenied".  I even tried setting the ItemShape to "IdOnly" (I was originally using "Default").

    Is this a restriction of Exchange?  I would expect to still be able to sync the calendar items, but perhaps only be able to see certain fields in the response.

    Here's the XML Request:

    <?xml version='1.0' encoding='utf-8'?>
    <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
        <soap:Header>
            <t:RequestServerVersion Version="Exchange2010" />
        </soap:Header>
        <soap:Body>
            <SyncFolderItems xmlns="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
                <ItemShape>
                    <t:BaseShape>IdOnly</t:BaseShape>
                </ItemShape>
                <SyncFolderId>
                    <t:FolderId Id="AAMkAG..." />
                </SyncFolderId>
                <SyncState></SyncState>
                <Ignore></Ignore>
                <MaxChangesReturned>500</MaxChangesReturned>
            </SyncFolderItems>
        </soap:Body>
    </soap:Envelope>

    And the Response (again, only when the shared permission level was "Limited Details" or "Availability Only", it returns a successful response with "Full Details"):

    <?xml version="1.0" encoding="utf-8"?>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
        <s:Header>
            <h:ServerVersionInfo MajorVersion="15" MinorVersion="0" MajorBuildNumber="775" MinorBuildNumber="7" Version="V2_4" xmlns:h="http://schemas.microsoft.com/exchange/services/2006/types" xmlns="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
        </s:Header>
        <s:Body>
            <m:SyncFolderItemsResponse xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types">
                <m:ResponseMessages>
                    <m:SyncFolderItemsResponseMessage ResponseClass="Error">
                        <m:MessageText>Access is denied. Check credentials and try again.</m:MessageText>
                        <m:ResponseCode>ErrorAccessDenied</m:ResponseCode>
                        <m:DescriptiveLinkKey>0</m:DescriptiveLinkKey>
                        <m:SyncState />
                        <m:IncludesLastItemInRange>true</m:IncludesLastItemInRange>
                    </m:SyncFolderItemsResponseMessage>
                </m:ResponseMessages>
            </m:SyncFolderItemsResponse>
        </s:Body>
    </s:Envelope>

    Thanks,

    - Sean

    Tuesday, September 17, 2013 1:39 AM

Answers

  • >> "Availability Only", "Limited Details"

    These are FreeBusy permission so if a user is given these rights then they will only every be able to query the Calendar details via the FreeBusy interface (eg getuseravailability).

    For a User to be able to query/access another users calendar folder, (or any other folder in a mailbox) the minimum level of permission they are going to need is reviewer on that folder.

    Cheers
    Glen 

    • Marked as answer by Sean McKeon Tuesday, September 17, 2013 2:53 AM
    Tuesday, September 17, 2013 2:39 AM

All replies

  • >> "Availability Only", "Limited Details"

    These are FreeBusy permission so if a user is given these rights then they will only every be able to query the Calendar details via the FreeBusy interface (eg getuseravailability).

    For a User to be able to query/access another users calendar folder, (or any other folder in a mailbox) the minimum level of permission they are going to need is reviewer on that folder.

    Cheers
    Glen 

    • Marked as answer by Sean McKeon Tuesday, September 17, 2013 2:53 AM
    Tuesday, September 17, 2013 2:39 AM
  • Thanks for the info!  I will give the GetUserAvailability service a try.

    - Sean

    Tuesday, September 17, 2013 2:56 AM