Modify the permissions of an existing Exchange 2003/2000 mailbox. The
mailbox and user account must exist.
This action is typically used in a script that is intended to manage
existing user accounts and mailboxes. With this action permissions of the mailbox can be added and removed.
For this action, the user account is identified by a variable (default:
%UserObject%). To execute this action successfully, the variable must
have a valid value. The variable is an output variable of the action Script Action: Get user (AD).
The Get User
action supports several ways to find the user and fill the variable.
|
Property Name |
Description |
Typical setting |
Remarks |
|
User Object |
An data structure representing the user account.
The property is used to identify the user account for the mailbox and
is normally generated as a variable by a previous script action ('Creating
user (AD)'). |
%UserObject% |
This property specifies the mailbox
that must exist. The mailbox can be created with other actions. (see Script Action: Create
Exchange Mailbox (2000/2003)) for more information. |
|
Permission: Delete mailbox storage |
Set this property to 'Yes' if you want to
add the permission 'Delete mailbox storage'. |
|
One of the standard permissions you
can add to the mailbox. |
|
Permission: Read permissions |
Set this property to 'Yes' if you want to
add the permission 'Read permissions'. |
|
One of the standard permissions you
can add to the mailbox. |
|
Permission: Change permissions |
Set this property to 'Yes' if you want to
add the permission 'Change permissions'. |
|
One of the standard permissions you
can add to the mailbox. |
|
Permission: Take ownership |
Set this property to 'Yes' if you want to
add the permission 'Take ownership'. |
|
One of the standard permissions you
can add to the mailbox. |
|
Permission: Full mailbox access |
Set this property to 'Yes' if you want to
add the permission 'Full mailbox access'. |
|
One of the standard permissions you
can add to the mailbox. |
|
Permission: Associated external account |
Set this property to 'Yes' if you want to
add the permission 'Associated external account'. |
|
One of the standard permissions you
can add to the mailbox. If you specify this permission, you must also
specify permission Full mailbox access. |
|
Use special permissions |
Set this property to 'Yes' if you want to
add a permission entry specified with the properties 'Special permission
access mask', 'Special permission inheritance' and 'Special permission
deny'. |
|
Only use the special permissions if you cannot
use the standard permissions. When you add a special permission, you also
need to specify the properties: Special
permission access mask and Special permission inheritance. |
|
Special permission access mask |
The access mask used for the access control
entry that is added to the access control list of the mailbox. If you
want to use special permissions, set property 'Use special permissions'
to 'Yes'. |
|
See Use special
permissions. |
|
Special permission inheritance |
The inheritance settings used for the access
control entry that is added to the access control list of the mailbox.
If you want to use special permissions, set property 'Use special permissions'
to 'Yes'. |
|
See Use special permissions.
|
|
Permission deny flag |
A flag indicating if the specified permission
is granted or denied. Set to 'Yes' to deny access. When not specified
or set to 'No', access is granted. |
|
Set this flag to 'Yes' if the permission should
be denied
instead of granted. Normally you only specify permissions for
a mailbox to grant access. You do not need to explicitly deny
access to the mailbox. |
|
Permission account is other account flag |
A flag indicating if the permissions are updated
for the account of the mailbox or another account. If set to 'Yes' a permission
entry is added or removed for another account then the account of the
mailbox. In this case you must also specify property 'Permission account
name' or 'Permission account SID'. |
|
You can add or remove permissions for the
user account of the mailbox or another account. If you don't set this
property to 'Yes', the specified permissions are updated for the account
of the mailbox. If you want to update permissions for another account,
you need to set this property to Yes and specify one of the following properties:
Permission account name or Permission
account SID to identify the
other user account. |
|
Permission account name |
The name of an account for which an permission
is added or permission are removed. If you want to use this property,
you must also set the property 'Permission account is other account flag'. |
|
See Permission
account is other account flag. |
|
Permission account SID |
The security identifier (SID) of an account
for which an permission is added or permission are removed. If you want
to use this property, you must also set the property 'Permission account
is other account flag'. |
|
See Permission account is other account
flag.
|
|
Remove account permission entries |
A flag indicating if the permissions must
be added or removed. If set to 'Yes', the permissions for the specified
account (properties: 'Permission account is other account flag' and 'Permission
account name' or 'Permission account SID') are removed from the mailbox
access control list. |
|
To remove permissions from the mailbox, set
this flag to Yes.
If another account is specified, the permissions for this account are
removed from the mailbox. If no other account is specified, the explicit
permissions for the account of the mailbox are removed. |
