How To Deny a User Read Permissions on a Mail Item (289879)



The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Visual Basic Enterprise Edition for Windows 6.0
  • Microsoft Visual Basic Professional Edition for Windows 6.0

This article was previously published under Q289879

SUMMARY

This article demonstrates how to modify the discretionary access-control list (DACL) of a security descriptor of a mail item to deny read privileges to a user.

MORE INFORMATION

The following code sample denies read permissions to User1 for the Test.eml mail item that is located in Public Folders\TestFolder.

To deny read privileges to a user, follow these steps:
  1. In the Public Folders folder, create a new folder and name it TestFolder.
  2. In TestFolder, create a new mail item and make the subject of that item "test".
  3. Log on as User1 and make sure that you can see the item.
  4. In Microsoft Visual Basic, create a new Standard EXE project.
  5. Add a reference to the ActiveX Data Objects 2.5 Library.
  6. Add a button and name it Deny.
  7. Paste the following code in the button's Click event:
        Dim strDomainName As String
        Dim strLocalPath As String
        Dim strURL As String
        Dim rec As ADODB.Record
        Dim strXML As String
        Dim NTAlias As String
        Dim Allow As String
        Dim Deny As String

        'TO DO: Change the following 2 variables to reflect your environment and
        'the user whose permissions you are changing.
        strDomainName = "YourDomainName"
        NTAlias = "YourDomainName\user1"

        'Below you are setting the access masks (hexadecimal) for User1 to
        'deny him read permissions.
        'For more about access masks, see the References section.
        Allow = "1FF000"
        Deny = "10FFFF"

        'Build the file: URL of the item in the Exchange store.
        strLocalPath = "public folders\testfolder\test.eml"
        strURL = "file://./backofficestorage/" & strDomainName
        strURL = strURL & "/" & strLocalPath

        On Error GoTo ErrHandler

        'Open the item for writing.
        Set rec = New ADODB.Record
        rec.Open strURL, , adModeReadWrite

        'Modify the security descriptor (SD). Note the space after each
        'namespace declaration so that the XML is well formed.
        strXML = "<S:security_descriptor " & _
                 "xmlns:S=""http://schemas.microsoft.com/security/"" " & _
                 "xmlns:D=""urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"" " & _
                 "D:dt=""microsoft.security_descriptor"">"
        strXML = strXML & " <S:dacl>"
        strXML = strXML & "  <S:effective_aces>"
        strXML = strXML & "   <S:access_allowed_ace>"
        strXML = strXML & "    <S:access_mask>" & Allow & "</S:access_mask>"
        strXML = strXML & "    <S:sid>"

        'If you are denying to a group, the line below will be
        'strXML = strXML & "     <S:type>group</S:type>"

        strXML = strXML & "     <S:type>user</S:type>"
        strXML = strXML & "     <S:nt4_compatible_name>" & NTAlias
        strXML = strXML & "</S:nt4_compatible_name>"
        strXML = strXML & "    </S:sid>"
        strXML = strXML & "   </S:access_allowed_ace>"
        strXML = strXML & "   <S:access_denied_ace>"
        strXML = strXML & "    <S:access_mask>" & Deny & "</S:access_mask>"
        strXML = strXML & "    <S:sid>"

        'If you are denying to a group, the line below will be
        'strXML = strXML & "     <S:type>group</S:type>"

        strXML = strXML & "     <S:type>user</S:type>"
        strXML = strXML & "     <S:nt4_compatible_name>" & NTAlias
        strXML = strXML & "</S:nt4_compatible_name>"
        strXML = strXML & "    </S:sid>"
        strXML = strXML & "   </S:access_denied_ace>"
        strXML = strXML & "  </S:effective_aces>"
        strXML = strXML & " </S:dacl>"
        strXML = strXML & "</S:security_descriptor>"

        'Write the new descriptor to the item's security-descriptor field.
        rec.Fields.Append _
            "http://schemas.microsoft.com/exchange/security/descriptor", _
            adBSTR, Len(strXML), , strXML
        rec.Fields.Update

        'Close it.
        rec.Close
        Set rec = Nothing
        Exit Sub

    ErrHandler:
        On Error Resume Next
        MsgBox Err.Number & ": " & Err.Description & "::" & Err.Source
        If Not rec Is Nothing Then
            If rec.State = adStateOpen Then rec.Close
            Set rec = Nothing
        End If
        Err.Clear
  8. Modify the lines of code that are marked "TO DO" according to your situation.
  9. Run the project and click Deny.
  10. Log on as User1 and locate TestFolder. You are now unable to view the item that you created.
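The following is an added example, not code from the KB article: it parses the security-descriptor XML that the Click handler above builds and works out which bits of the access mask the trustee ends up with. It assumes only the Windows ACCESS_MASK standard-rights layout (bits 16 to 20) and that Exchange applies Windows canonical DACL order (explicit deny ACEs before allow ACEs); the low 16 Exchange Web Store rights are reported as a number, not decoded.

```python
import xml.etree.ElementTree as ET

NS = {"S": "http://schemas.microsoft.com/security/"}
# Windows ACCESS_MASK standard-rights bits (16-20); the low 16 bits are Exchange
# Web Store object-specific rights, reported here only as a number.
STANDARD_RIGHTS = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
                   0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}

# Constructed sample: the descriptor the article's code builds, with its two masks.
SAMPLE_SD = """<S:security_descriptor xmlns:S="http://schemas.microsoft.com/security/"
 xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" D:dt="microsoft.security_descriptor">
<S:dacl><S:effective_aces>
<S:access_allowed_ace><S:access_mask>1FF000</S:access_mask><S:sid><S:type>user</S:type>
<S:nt4_compatible_name>YourDomainName\\user1</S:nt4_compatible_name></S:sid></S:access_allowed_ace>
<S:access_denied_ace><S:access_mask>10FFFF</S:access_mask><S:sid><S:type>user</S:type>
<S:nt4_compatible_name>YourDomainName\\user1</S:nt4_compatible_name></S:sid></S:access_denied_ace>
</S:effective_aces></S:dacl></S:security_descriptor>"""

def parse_aces(xml_text):
    """Return the DACL as an ordered list of (kind, trustee, mask)."""
    aces = []
    root = ET.fromstring(xml_text)
    for ace in root.find("S:dacl/S:effective_aces", NS):
        kind = "deny" if ace.tag.endswith("access_denied_ace") else "allow"
        mask = int(ace.find("S:access_mask", NS).text.strip(), 16)
        who = ace.find("S:sid/S:nt4_compatible_name", NS).text.strip()
        aces.append((kind, who, mask))
    return aces

def effective_mask(aces, trustee, canonical=True):
    """First ACE that mentions a bit decides it. Windows canonical DACL order puts
    explicit deny ACEs ahead of allow ACEs; canonical=False keeps the XML order."""
    if canonical:
        aces = [a for a in aces if a[0] == "deny"] + [a for a in aces if a[0] == "allow"]
    granted = denied = 0
    for kind, who, mask in aces:
        if who.lower() != trustee.lower():
            continue
        if kind == "deny":
            denied |= mask & ~granted
        else:
            granted |= mask & ~denied
    return granted

def describe(mask):
    """Name the standard-rights bits set; report store-specific bits as hex."""
    names = [n for bit, n in STANDARD_RIGHTS.items() if mask & bit]
    if mask & 0xFFFF:
        names.append("store-specific 0x%04X" % (mask & 0xFFFF))
    return names
```

With the article's masks, the deny ACE clears every store-specific bit (the read rights) but, under canonical ordering, the allow ACE still leaves User1 with DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER, so the user retains the ability to change the item's DACL; review the mask values against the MSDN rights references before relying on them.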

REFERENCES

For information about the Exchange Web Store rights that you can use to generate the mask, see the Microsoft Developer Network (MSDN) Web site. For information about the access mask structure and the generic access rights that are available, see the MSDN Web site.

Modification Type: Minor
Last Reviewed: 7/1/2004
Keywords: kbhowto kbMsg KB289879