Service: zimbraAccount

Command: GrantRights
Namespace: urn:zimbraAccount
Description: Grant account level rights
Properties:
Authorization token required true
Admin Authorization token required false

GrantRightsRequest

    <GrantRightsRequest> ## GrantRightsRequest
        (<ace [zid="{id}"] gt="{grantee-type} (usr | grp | egp | all | dom | edom | gst | key | pub | email)"
                  right="..." [d="{grantee-name}"] [key="..."] [pw="{password}"] [deny="(0|1)"] [chkgt="(0|1)"] /> ## AccountACEInfo)*
    </GrantRightsRequest>

elements and attributes you can define within a <GrantRightsRequest> element:

XPath Required / Optional Description
/ace Optional (0 or more) Specify Access Control Entries
/ace@zid Optional (0 or 1) Type: String
Zimbra ID of the grantee
/ace@gt Required (only 1) Type: usr | grp | egp | all | dom | edom | gst | key | pub | email
The type of grantee:
  • usr - Zimbra user
  • grp - Zimbra group(distribution list)
  • all - all authenticated users
  • gst - non-Zimbra email address and password (not yet supported)
  • key - external user with an accesskey
  • pub - public authenticated and unauthenticated access
If the value is:
  • usr - either {id} or {grantee-name} is required
  • grp - either {id} or {grantee-name} is required
  • all - {id}, {grantee-name} and {password} are ignored
  • gst - {id} is ignored, {grantee-name} is required, {password} is optional
  • key - {id} is ignored, {grantee-name} is required
  • pub - {id}, {grantee-name} and {password} are ignored
For usr and grp:
  • if {id} is provided, server will lookup the entry by {id} and
  • if {id} is not provided, server will lookup the grantee by {grantee-type} and {grantee-name}
  • if the lookup fails, NO_SUCH_ACCOUNT/NO_SUCH_DISTRIBUTION_LIST will be thrown.
If {grantee-type} == key:
  • if key is given, server will use that as the access key for this grant
  • if key is not given, server will generate an access key
If chkgt is "1 (true)", INVALID_REQUEST will be thrown if wrong grantee type is specified.
/ace@right Required (only 1) Type: String
Right.
Valid values: viewFreeBusy | invite
/ace@d Optional (0 or 1) Type: String
Name or email address of the grantee.
Not present if {grantee-type} is "all" or "pub"
/ace@key Optional (0 or 1) Type: String
Optional access key when {grantee-type} is "key"
/ace@pw Optional (0 or 1) Type: String
Password when {grantee-type} is "gst" (not yet supported)
/ace@deny Optional (0 or 1) Type: 0|1
"1" if a right is specifically denied or "0" (default)
/ace@chkgt Optional (0 or 1) Type: 0|1
"1 (true)" if check grantee type or "0 (false)" (default)

GrantRightsResponse

    <GrantRightsResponse> ## GrantRightsResponse
        (<ace [zid="{id}"] gt="{grantee-type} (usr | grp | egp | all | dom | edom | gst | key | pub | email)"
                  right="..." [d="{grantee-name}"] [key="..."] [pw="{password}"] [deny="(0|1)"] [chkgt="(0|1)"] /> ## AccountACEInfo)*
    </GrantRightsResponse>

elements and attributes you can define within a <GrantRightsResponse> element:

XPath Required / Optional Description
/ace Optional (0 or more) Access Control Entries
/ace@zid Optional (0 or 1) Type: String
Zimbra ID of the grantee
/ace@gt Required (only 1) Type: usr | grp | egp | all | dom | edom | gst | key | pub | email
The type of grantee:
  • usr - Zimbra user
  • grp - Zimbra group(distribution list)
  • all - all authenticated users
  • gst - non-Zimbra email address and password (not yet supported)
  • key - external user with an accesskey
  • pub - public authenticated and unauthenticated access
If the value is:
  • usr - either {id} or {grantee-name} is required
  • grp - either {id} or {grantee-name} is required
  • all - {id}, {grantee-name} and {password} are ignored
  • gst - {id} is ignored, {grantee-name} is required, {password} is optional
  • key - {id} is ignored, {grantee-name} is required
  • pub - {id}, {grantee-name} and {password} are ignored
For usr and grp:
  • if {id} is provided, server will lookup the entry by {id} and
  • if {id} is not provided, server will lookup the grantee by {grantee-type} and {grantee-name}
  • if the lookup fails, NO_SUCH_ACCOUNT/NO_SUCH_DISTRIBUTION_LIST will be thrown.
If {grantee-type} == key:
  • if key is given, server will use that as the access key for this grant
  • if key is not given, server will generate an access key
If chkgt is "1 (true)", INVALID_REQUEST will be thrown if wrong grantee type is specified.
/ace@right Required (only 1) Type: String
Right.
Valid values: viewFreeBusy | invite
/ace@d Optional (0 or 1) Type: String
Name or email address of the grantee.
Not present if {grantee-type} is "all" or "pub"
/ace@key Optional (0 or 1) Type: String
Optional access key when {grantee-type} is "key"
/ace@pw Optional (0 or 1) Type: String
Password when {grantee-type} is "gst" (not yet supported)
/ace@deny Optional (0 or 1) Type: 0|1
"1" if a right is specifically denied or "0" (default)
/ace@chkgt Optional (0 or 1) Type: 0|1
"1 (true)" if check grantee type or "0 (false)" (default)
 
© Copyright , The Zextras Team. All rights reserved.