Service: zimbraMail
Namespace: "urn:zimbraMail"
GetPermission SOAP Command

Get account level permissions
If no <ace> elements are provided, all ACEs are returned in the response.
If <ace> elements are provided, only those ACEs with specified rights are returned in the response.

Authorization token required true
Admin Authorization token required false
Deprecation information Note: to be deprecated in Zimbra 9. Use zimbraAccount GetRights instead.

GetPermissionRequest

    <GetPermissionRequest> ## GetPermissionRequest
        (<ace right="{right-name}" /> ## Right)*
    </GetPermissionRequest>

The following table describes elements and attributes you can define within a <GetPermissionRequest> element:

XPath Required / Optional Description
/ace Optional (0 or more) Specification of rights
/ace@right Required (only 1) Type:String
Name for right

GetPermissionResponse

    <GetPermissionResponse> ## GetPermissionResponse
        (<ace [zid="{grantee-zimbra-id}"] gt="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"
                  right="{right}" [d="{grantee-name}"] [key="{access-key}"] [pw="{password}"] [deny="{deny} (0|1)"] /> ## AccountACEinfo)*
    </GetPermissionResponse>

The following table describes elements and attributes you can define within a <GetPermissionResponse> element:

XPath Required / Optional Description
/ace Optional (0 or more) Account ACE information
/ace@zid Optional (0 or 1) Type:String
Zimbra ID of the grantee
/ace@gt Required (only 1) Type:usr|grp|egp|all|dom|edom|gst|key|pub|email
Grantee type
usr Zimbra User
grp Zimbra Group (distribution list)
all all authenticated users
gst non-Zimbra email address and password (not yet supported)
key external user with accesskey
pub public authenticated and unauthenticated access
/ace@right Required (only 1) Type:String
Right - viewFreeBusy | invite
/ace@d Optional (0 or 1) Type:String
Name or email address of the grantee. Not present if {grantee-type} is "all" or "pub"
/ace@key Optional (0 or 1) Type:String
Optional argument. Access key when {grantee-type} is "key"
/ace@pw Optional (0 or 1) Type:String
Optional argument. Password when {grantee-type} is "gst" (not yet supported)
/ace@deny Optional (0 or 1) Type:0|1
Set if a right is specifically denied. Default is unset.