Service: zimbraMail
Namespace: "urn:zimbraMail"
RevokePermission SOAP Command

Revoke account level permissions
RevokePermissionResponse returns permissions that are successfully revoked.

Authorization token required true
Admin Authorization token required false
Deprecation information Note: to be deprecated in Zimbra 9. Use zimbraAccount RevokeRights instead.

RevokePermissionRequest

    <RevokePermissionRequest> ## RevokePermissionRequest
        (<ace [zid="{grantee-zimbra-id}"] gt="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"
                  right="{right}" [d="{grantee-name}"] [key="{access-key}"] [pw="{password}"] [deny="{deny} (0|1)"] /> ## AccountACEinfo)*
    </RevokePermissionRequest>

The following table describes elements and attributes you can define within a <RevokePermissionRequest> element:

XPath Required / Optional Description
/ace Optional (0 or more) Specify Access Control Entries (ACEs)
/ace@zid Optional (0 or 1) Type:String
Zimbra ID of the grantee
/ace@gt Required (only 1) Type:usr|grp|egp|all|dom|edom|gst|key|pub|email
Grantee type
usr Zimbra User
grp Zimbra Group (distribution list)
all all authenticated users
gst non-Zimbra email address and password (not yet supported)
key external user with accesskey
pub public authenticated and unauthenticated access
/ace@right Required (only 1) Type:String
Right - viewFreeBusy | invite
/ace@d Optional (0 or 1) Type:String
Name or email address of the grantee. Not present if {grantee-type} is "all" or "pub"
/ace@key Optional (0 or 1) Type:String
Optional argument. Access key when {grantee-type} is "key"
/ace@pw Optional (0 or 1) Type:String
Optional argument. Password when {grantee-type} is "gst" (not yet supported)
/ace@deny Optional (0 or 1) Type:0|1
Set if a right is specifically denied. Default is unset.

RevokePermissionResponse

    <RevokePermissionResponse> ## RevokePermissionResponse
        (<ace [zid="{grantee-zimbra-id}"] gt="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"
                  right="{right}" [d="{grantee-name}"] [key="{access-key}"] [pw="{password}"] [deny="{deny} (0|1)"] /> ## AccountACEinfo)*
    </RevokePermissionResponse>

The following table describes elements and attributes you can define within a <RevokePermissionResponse> element:

XPath Required / Optional Description
/ace Optional (0 or more) Permissions that were successfully revoked
/ace@zid Optional (0 or 1) Type:String
Zimbra ID of the grantee
/ace@gt Required (only 1) Type:usr|grp|egp|all|dom|edom|gst|key|pub|email
Grantee type
usr Zimbra User
grp Zimbra Group (distribution list)
all all authenticated users
gst non-Zimbra email address and password (not yet supported)
key external user with accesskey
pub public authenticated and unauthenticated access
/ace@right Required (only 1) Type:String
Right - viewFreeBusy | invite
/ace@d Optional (0 or 1) Type:String
Name or email address of the grantee. Not present if {grantee-type} is "all" or "pub"
/ace@key Optional (0 or 1) Type:String
Optional argument. Access key when {grantee-type} is "key"
/ace@pw Optional (0 or 1) Type:String
Optional argument. Password when {grantee-type} is "gst" (not yet supported)
/ace@deny Optional (0 or 1) Type:0|1
Set if a right is specifically denied. Default is unset.