IMAP4 ACL extension



RFC 2086                     ACL extension                  January 1997


   It is possible for multiple identifiers in an access control list to
   apply to a given user (or other authentication identity).  For
   example, an ACL may include rights to be granted to the identifier
   matching the user, one or more implementation-defined identifiers
   matching groups which include the user, and/or the identifier
   "anyone".  How these rights are combined to determine the user's
   access is implementation-defined.  An implementation may choose, for
   example, to use the union of the rights granted to the applicable
   identifiers.  An implementation may instead choose, for example, to
   only use those rights granted to the most specific identifier present
   in the ACL. A client may determine the set of rights granted to the
   logged-in user for a given mailbox by using the MYRIGHTS command.

   When an identifier in an ACL starts with a dash ("-"), that indicates
   that associated rights are to be removed from the identifier that is
   prefixed by the dash.  For example, if the identifier "-fred" is
   granted the "w" right, that indicates that the "w" right is to be
   removed from users matching the identifier "fred".  Implementations
   need not support having identifiers which start with a dash in ACLs.

4.   Commands

4.1. SETACL

   Arguments:  mailbox name
               authentication identifier
               access right modification

   Data:       no specific data for this command

   Result:     OK - setacl completed
               NO - setacl failure: can't set acl
              BAD - command unknown or arguments invalid

      The SETACL command changes the access control list on the
      specified mailbox so that the specified identifier is granted
      permissions as specified in the third argument.

      The third argument is a string containing an optional plus ("+")
      or minus ("-") prefix, followed by zero or more rights characters.
      If the string starts with a plus, the following rights are added
      to any existing rights for the identifier.  If the string starts
      with a minus, the following rights are removed from any existing
      rights for the identifier.  If the string does not start with a
      plus or minus, the rights replace any existing rights for the
      identifier.
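
      The following is an added example, not part of RFC 2086. It applies
      the three SETACL modification forms and then evaluates the same ACL
      under both combination strategies mentioned above. The dict-based
      ACL model, the function names, the user "mary" and the specificity
      order (user, groups, "anyone") are assumptions made for illustration.

```python
# Added illustration, not text from RFC 2086. The ACL is modelled as a dict
# mapping identifier -> set of rights characters (an assumed representation).

def apply_setacl(acl, identifier, modification):
    """Apply SETACL's third argument to one identifier's entry."""
    current = acl.get(identifier, set())
    if modification.startswith("+"):
        acl[identifier] = current | set(modification[1:])   # add to existing
    elif modification.startswith("-"):
        acl[identifier] = current - set(modification[1:])   # remove from existing
    else:
        acl[identifier] = set(modification)                 # replace existing
    return acl

def _applicable(user, groups):
    # Assumed specificity order: the user, then groups, then "anyone".
    return [user, *groups, "anyone"]

def rights_union(acl, user, groups=()):
    """Strategy 1: union of rights over every applicable identifier."""
    granted, removed = set(), set()
    for ident in _applicable(user, groups):
        granted |= acl.get(ident, set())
        removed |= acl.get("-" + ident, set())  # "-fred" strips rights from "fred"
    return "".join(sorted(granted - removed))

def rights_most_specific(acl, user, groups=()):
    """Strategy 2: only the most specific identifier present in the ACL."""
    for ident in _applicable(user, groups):
        if ident in acl:
            return "".join(sorted(acl[ident] - acl.get("-" + ident, set())))
    return ""

def sample_acl():
    """Constructed sample: a sequence of SETACL calls on one mailbox."""
    acl = {}
    apply_setacl(acl, "fred", "lrsw")    # no prefix: replace
    apply_setacl(acl, "fred", "+i")      # plus: add to existing rights
    apply_setacl(acl, "fred", "-s")      # minus: remove from existing rights
    apply_setacl(acl, "anyone", "lrp")
    apply_setacl(acl, "-fred", "w")      # dash belongs to the identifier here
    return acl

if __name__ == "__main__":
    acl = sample_acl()
    print(rights_union(acl, "fred"), rights_most_specific(acl, "fred"))
```

      The two strategies return different rights for "fred" from the same
      ACL, which is why a client should rely on MYRIGHTS rather than
      computing access from the ACL itself.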





Myers                       Standards Track