Accessing Public Folder Permissions Programmatically

I recently came across a need to programmatically access a list of users and permissions for a Public Folder. Seeing as how there is no way to do this with Outlook VBA or CDO, I had to find a way to do this. Luckily, the Exchange 5.5 SDK includes an ACL Component (ACL.dll) that provides an API to access these security settings. The full reference material is here:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/exchserv/html/comcpnts_8f04.asp.

Exchange MVP Siegfried Weber has also created a Folder Permission Viewer, an excellent utility that not only provides a UI for displaying a treeview of Outlook folders, but recreates the Folder Permissions dialog from Outlook. You can download Sig’s sample here:

http://www.cdolive.com/aclviewer.htm.

Both the SDK and Sig’s sample were instrumental in helping me solve my problem. It is not rocket science, and I’ve provided some code below that illustrates how to access the permissions for a given CDO.Folder object. Aside from a Win32API call for accessing NT account information, and a wack of ACL constants, it is pretty easy to see what is going on. All that really happens is an ACLObject for a given folder is retrieved, and through it you get a collection of ACEs (Access Control Entries), one for each user. Each ACLObject in a set of ACEs has the properties that tell us what rights the user has, such as CreateItems, DeleteAll etc. The Rights property provides access to the user’s role for that folder – Owner, Author, etc. Another procedure, GetUserInfo, takes the SID (Security Identifier) from an ACLObject to get a CDO AddressEntry object. This lets us get the Exchange DN for the user, as well as their full name (as it appears in the GAL, for example).

You can easily incorporate the VB code below into your solution. As long as you have a valid CDO.Session object initiated, and you pass a CDO.Folder object to the GetPermissions procedure, you are good to go! Just tweak the code as you see fit, based on what you need to do with the users and their rights that you retrieve.

Eric Legault

Full-stack product builder & consultant for Microsoft 365 & Graph. Microsoft MVP 2003 - 2019. Outlook add-in guru. Rocker. Video/audio engineer. Collects Thors.

You may also like...

%d bloggers like this: