Here is a quick summary of the order of an ACE:
who ^ flags ^ how ^ grant
Where:
who = A string, type (str).
flags = One of the characters c, p, or a.
how = An access-string composed of one or more of the access control characters described earlier in Access Control Information.
grant = One of the characters g, or d
Here are some examples of circumstances and how the ACE would be set in the acl parameter for the jdoe calendar:
To grant john read access to both components and calendar properties (acl=john a r g), and to grant susan write and delete access to components only (acl=susan c wd g), the entire command is:
set_calprops.wcap?id=${SESSIONID} &calid=jdoe&acl=john^a^r^g;susan^c^wd^g |
To grant all users in a domain schedule, free-busy, and read access to a calendar (@domainname a sfr g), to grant owners write and delete access to components only (@@o c wd g), to grant owners self-administration rights, and schedule, free-busy, and read access to both components and calendar properties (@@o a zsfr g), to deny susan all access to both components and calendar properties (susan a zsfdwr d), and to grant read access to all users (@ c r g), the entire command is:
set_calprops.wcap?id=${SESSIONID}&calid=jdoe &acl=@domainname^a^sfr^g; @@o^c^wd^g; @@o^a^zsfr^g; susan^a^zfsdwr^d; @^c^r^g |
An administrator can override the access control of all WCAP commands if he is logged in as administrator and the server configuration preference service.admin.calmaster.overrides.accesscontrol is set to “yes” in the ics.conf file.
User Interface Operation |
ACL Required |
Example |
Description |
---|---|---|---|
Delete Events and Todos |
Modify Events and Todos, and Delete Components or, Delete Calendar |
c^d^g or, a^d^g |
To delete events or todos, you need modify permission, and either delete components or delete calendar permission. |
Free-busy |
Free-busy Components or Free-busy Calendar |
c^f^g a^f^g |
To view a free-busy representation of a calendar (the events and todos), you need free-busy components or free-busy calendar permission. |
Modify Events and Todos |
Read Events and Todos, and Write Components or, Write Calendar |
c^w^g a^w^g |
To modify components of a calendar (events and todos), you need read permission, and either write components or write calendar permission. |
Read Events on a Calendar |
Read Calendar |
a^r^g |
To read components, you must have read calendar permission. Note that read components permission (c^r^g) does not work. |
Schedule (Invite) |
Schedule Calendar |
a^s^g |
To invite someone, you need schedule calendar permission. |
Subscribe |
Read Properties |
p^r^g |
To subscribe to a calendar, you must have read properties permission. |