Modifying Permissions with ACLEDIT

The following procedure gives examples of the command lines used to modify user access permissions using ACLEDIT. The first command shows how to list the current access permissions. The second command shows how to grant another user (Test Account) several access permissions on Karin Gallagher's mailbox. The third command shows how to delete one of the users who has permissions to Karin Gallagher's mailbox.

    To modify user access permissions using ACLEDIT
  1. List the access permissions for the user inbox of Karin Gallagher by typing the following command:

    ACLEDIT /PR="Karin Gallagher" /INBOX /LIST

  2. Give a second user, Test Account, the readany and editowned permissions to Karin Gallagher's inbox by typing the following command:

    ACLEDIT /PR="Karin Gallagher" /INBOX /INSERT /RIGHTS="READANY EDITOWNED" /USER="Test Account"

  3. Delete the member in position 10 of the ACL of Karin Gallagher's inbox by typing the following command:

    ACLEDIT /PR="Karin Gallagher" /INBOX /DELETE /POS=10

The next procedure gives examples of the command lines used to modify public folder permissions using ACLEDIT. The first command lists all the access permissions on TEST FLDR. The second command gives the CREATE SUBFOLDER and CONTACT permissions to TEST FLDR to the Test Account.

    To modify public folder permissions using ACLEDIT
  1. List the permissions for the public folder labelled TEST FLDR on the public folder store of the MYSERVER server by typing the following command on one line:

    ACLEDIT /PR="MYSERVER" /STORE="PUBLIC FOLDERS" /FOLDER="IPM_SUBTREE\TEST FLDR" \LIST

  2. Give the CREATE SUBFOLDER and CONTACT permissions to the Test Account profile by typing the following command:

    ACLEDIT /PR="SERVER2" /STORE="PUBLIC FOLDERS" /RIGHTS="CREATE SUBFOLDER CONTACT" /NAME="Test Account"

    To modify folder permissions in the PST using ACLEDIT

List the permissions for the My Folder folder in the private information store (PST) by typing this command on one line:

ACLEDIT /PR="MYSERVER" /STORE="MAILBOX - Karin Gallagher" /FOLDER="TOP OF INFORMATION STORE\My Folder" /LIST

The ACLEDIT /LIST screen output lists all members with permissions to a public folder or mailbox along with their permissions. The member permissions that are displayed are restricted by the security context. If you do not own the folder whose permissions you are editing, ACLEDIT displays only your permissions on the folder and those of the folder's contact person. If you do own the folder, ACLEDIT displays all folder members and their permissions.

If a user requests permissions that are disallowed, ACLEDIT returns a message to the user listing the actual permissions that are set rather than the permissions that have been requested.

For example, position 0 always contains the DEFAULT member. Position 1 always contains the FOLDER CREATOR member. These members cannot be deleted or replaced. They can only be modified. If you attempt to place another member at position 1, the FOLDER CREATOR member at position 1 will be returned instead.

If a user already has specific permissions on a folder, you cannot use the INSERT command to give this user additional permissions, but you can use the MODIFY command to modify the existing entry.

Note If you use ACLEDIT to give Folder Owner permissions to a user, read and write permissions are not automatically included. Granting the actual read and write permissions is a separate step, even to the folder's owner. The new folder owner can grant read and write permissions, but does not have these permissions until they are specifically assigned.