Outlook Connector assigns Access Control Elements (ACEs) differently from Communications Express (UWC) and Convergence (IWC) (Doc ID 1330072.1)

Last updated on JANUARY 11, 2017

Applies to:

Oracle Communications Connector for Microsoft Outlook - Version: 7.3u1 and later   [Release: 7.0 and later ]
Information in this document applies to any platform.

Symptoms

When a user uses Outlook Connector to share a calendar out to another user, the resulting access control elements (ACEs) are different compared to Communications Express (UWC) and Convergence (IWC).

UWC and Convergence add "deny" ACEs for any rights that are not granted to the user, Outlook Connector does not.

The "deny" ACE that Outlook Connector does not add (it is added by UWC and Convergence) means that in some cases, some users may be unintentionally granted access. And it is inconsistent with the ACEs generated by the other Comms products (UWC, Convergence).

Example:

Calendar 6.3 121657-45.
UWC / Communications Express 6.3 122793-34.
Convergence 1 137631-16.
Outlook Connector 7.3 139162-10.

1. A user "test1" has a calendar with the following ACEs:

#./cscal -v list test1@my.sun.com
...
aces=@@o^a^r^g;@@o^c^wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g
...

2. In UWC, add "availability" permission for user "test5". The resulting ACEs:

aces=test5@my.sun.com^a^f^g;test5@my.sun.com^p^r^g;test5@my.sun.com^c^^g;test5@my.sun.com^c^rwds^d;@@o^a^rsf^g;@@o^p^rw^g;@@o^c^wdeic^g;@^a^sf^g;@^p^r^g;@^c^^g;@^c^rwd^d

3. Set the calendar ACEs back to original:

# ./cscal -a "@@o^a^r^g;@@o^c^
wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g" modify test1@my.sun.com:cal2

4. In Convergence, add "availability" permission for user "test5". The resulting ACEs:

aces=test5@my.sun.com^a^f^g;test5@my.sun.com^p^r^g;test5@my.sun.com^a^rs^d;test5@my.sun.com^c^wd^d;@@o^a^r^g;@@o^c^wdeic^g;@@o^p^rw^g;@^a^sf^g;@^p^r^g;@^a^r^d;@^c^wd^d

5. Set the calendar ACEs back to original:

# ./cscal -a "@@o^a^r^g;@@o^c^
wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g" modify test1@my.sun.com:cal2

6. In Outlook Connector, add "availability" permission for user "test5". The resulting ACEs:

aces=@@o^a^r^g;@@o^c^wdeic^g;@@o^p^rw^g;test5@my.sun.com^a^f^g;test5@my.sun.com^c^^g;test5@my.sun.com^p^r^g;@^a^sf^g;@^c^^g;@^p^r^g

7. Set the calendar ACEs back to original:

# ./cscal -a "@@o^a^r^g;@@o^c^
wdeic^g;@^a^sf^g;@^c^^g;@^p^r^g" modify test1@my.sun.com:cal2

8. In Calendar Express, add "availability" permission for user "test5". The resulting ACEs:

aces=@@o^c^WDEIC^g;@@o^a^RSF^g;@^a^fs^g;@^c^^g;test5@my.sun.com^a^f^g;test5@my.sun.com^c^^g;@^p^r^g;test5@my.sun.com^p^r^g

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms