Library Group Containers Outlook

Note: This chapter describes property list keys specific to the macOS implementation of App Sandbox. They are not available in iOS.

In your macOS Xcode project, configure fine-grained security permissions by enabling settings in the Summary tab of the target editor. These settings, in turn, add Boolean values to entitlement keys in the target’s .entitlementsproperty list file. The values are then incorporated into the target’s code signature when you build the project.

You can think of using App Sandbox entitlements as a two-step process:

  • Right-Click Microsoft Outlook, and select Show Package Contents. Expand Contents, SharedSupport, and open Outlook Profile Manager. Note You can create an alias for the Outlook Profile Manager, and move it to your desktop or another convenient location if you prefer. Outlook for Mac 2011.
  • Feb 17, 2020 This Outlook Mac Database Recovery Tool is an one-stop solution which allows users to rebuild Outlook Database Mac 2016, 2011 as well as Outlook 365 profiles. Additionally, it provides several other features as well such as 10 file format options to export data, option to preserve folder hierarchy, etc.
  • Within the Library folder navigate to the Group Containers folder Within the Group Containers folder look for a folder starting with 'UB' and ending with.office Open this folder and you will see the Outlook folder Within this folder are located any profiles you created - you can delete these as you wish.
  • Wrong location of the Outlook profile folder. If you are using Microsoft Outlook 2016 for Mac or newer (which is the most plausible scenario), the valid path of the folder named “Outlook 15 Profiles” that stores profile information is as follows: /Library/Group Containers/UBF8T346G9.Office/Outlook.

' Please quit the outlook aplication, then copy paste this command '/Library/Group Containers/' in spotlight, and then, removed this file from 'Library/Group.

  1. Sandbox a target, which removes most capabilities for interacting with the system

  2. Restore capabilities to the sandboxed target, as needed, by configuring App Sandbox entitlements

At runtime, if a target requires a capability or a system resource for which the target isn’t entitled, the sandbox daemon (sandboxd) logs a violation message to the console.

For more information about App Sandbox, read App Sandbox Design Guide.

App Sandbox Entitlement Keys

This section describes the keys you can use to confer capabilities to a sandboxed app in macOS. The first key enables App Sandbox; the others configure the sandbox. If App Sandbox is not enabled, the other keys in this section are meaningless.

The value to use for any of these keys is a Boolean YES or NO, with the default value in each case being NO. If you are editing the .entitlements file directly in a text editor, the corresponding Boolean values to use are <true/> and <false/>. The default value for each key is false, so you can (and generally should) leave out the entitlement entirely rather than specifying a false value.

In cases where there are read-only and read/write entitlement key pairs, use of either key in the pair is mutually exclusive with the other.

Add these keys by using the Summary tab of the Xcode target editor. You can also add them directly to a target’s .entitlements file with the Xcode property list editor.

For information on additional entitlements for handling special circumstances, see App Sandbox Temporary Exception Entitlements.

For each key in this table, providing a Boolean value of YES enables the corresponding capability (unless otherwise noted).

Capability

Enables App Sandbox for a target in an Xcode project

Allows access to group containers that are shared among multiple apps produced by a single development team, and allows certain additional interprocess communication between the apps

Supported in macOS v10.7.5 and in v10.8.3 and later. The format for this attribute is described in Adding an App to an App Group.

Read-only access to the user’s Movies folder and iTunes movies

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Movies folder and iTunes movies

For details, see Enabling Access to Files in Standard Locations.

Read-only access to the user’s Music folder

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Music folder

For details, see Enabling Access to Files in Standard Locations.

Read-only access to the user’s Pictures folder

For details, see Enabling Access to Files in Standard Locations.

Read/write access to the user’s Pictures folder

For details, see Enabling Access to Files in Standard Locations.

Communication with AVB devices

Library Group Containers Outlook 365

For details, see Enabling Hardware Access.

Interaction with Bluetooth devices

For details, see Enabling Hardware Access.

Capture of movies and still images using the built-in camera, if available

For details, see Enabling Hardware Access.

Interaction with FireWire devices (currently, does not support interaction with audio/video devices such as DV cameras)

For details, see Enabling Hardware Access.

Recording of audio using the built-in microphone, if available, along with access to audio input using any Core Audio API that supports audio input

For details, see Enabling Hardware Access.

Interaction with serial devices

For details, see Enabling Hardware Access.

Interaction with USB devices, including HID devices such as joysticks

For details, see Enabling Hardware Access.

Read/write access to the user’s Downloads folder

For details, see Enabling Access to Files in Standard Locations.

Use of app-scoped bookmarks and URLs

For details, see Enabling Security-Scoped Bookmark and URL Access.

Use of document-scoped bookmarks and URLs

For details, see Enabling Security-Scoped Bookmark and URL Access.

Read-only access to files the user has selected using an Open or Save dialog

For details, see Enabling User-Selected File Access.

Read/write access to files the user has selected using an Open or Save dialog

For details, see Enabling User-Selected File Access.

Allows apps to write executable files.

For details, see Enabling User-Selected File Access.

Child process inheritance of the parent’s sandbox

For details, see Enabling App Sandbox Inheritance.

Network socket for connecting to other machines

For details, see Enabling Network Access.

Network socket for listening for incoming connections initiated by other machines

For details, see Enabling Network Access.

com.apple.security.personal-information.addressbook

Read/write access to contacts in the user’s address book; allows apps to infer the default address book if more than one is present on a system

For details, see Enabling Personal Information Access.

Read/write access to the user’s calendars

For details, see Enabling Personal Information Access.

Use of the Core Location framework for determining the computer’s geographical location

For details, see Enabling Personal Information Access.

Printing

For details, see Enabling Hardware Access.

Ability to use specific AppleScript scripting access groups within a specific scriptable app

For details, see Enabling Scripting of Other Apps.

Enabling App Sandbox

You enable App Sandbox individually for each target in an macOS Xcode project. For example, you may design a project as a main app, and some helpers in the form of XPC services. You then enable and configure the sandbox for each target individually.

To learn how to enable App Sandbox for your macOS app, which includes performing code signing, see App Sandbox Quick Start in App Sandbox Design Guide. The essential step is to ensure that the target editor checkbox named in Table 4-1 is selected.

Table 4-1 Xcode setting for enabling App Sandbox

Setting

Entitlement key

Enable App Sandboxing

com.apple.security.app-sandbox

/library/group containers/ubf8t346g9.office/outlook/outlook 15 profiles/

Enabling User-Selected File Access

Xcode provides a pop-up menu, in the Summary tab of the target editor, with choices to enable read-only or read/write access to files and folders that the user explicitly selects. When you enable user-selected file access, you gain programmatic access to files and folders that the user opens using an NSOpenPanel object, and files the user saves using an NSSavePanel object.

Certain other user interactions, such as dragging items to your app or choosing items from the Open Recent menu, automatically expand your sandbox to include those items. Similarly, when macOS resumes an app after a reboot, the sandbox is automatically expanded to include any items that are automatically opened.

To enable user-selected file access in your app, use the Xcode target editor setting shown in Table 4-2.

Note: If your app needs to create executable files that are typically executed in some way other than through Launch Services (shell scripts, for example), you should also specify the com.apple.security.files.user-selected.executable entitlement.

By default, when writing executable files in sandboxed apps, the files are quarantined. Gatekeeper prevents quarantined executable files and other similar files (shell scripts, web archives, and so on) from opening or executing unless the user explicitly launches them from Finder.

If those executables are tools that are intended to run from the command line, such as shell scripts, this presents a problem. With this flag, the file quarantine system allows the app to write non-quarantined executables so that Gatekeeper does not prevent them from executing.

This entitlement does not have an Xcode checkbox, and thus must be added to your app’s entitlement property list manually. For details, see App Sandbox Entitlement Keys.

Table 4-2 Xcode setting for user-selected file and folder access

Setting

Entitlement keys

User Selected File

com.apple.security.files.user-selected.read-only

com.apple.security.files.user-selected.read-write

Enabling Access to Files in Standard Locations

In addition to granting user-selected file access, you can employ entitlements to grant programmatic file access to the following user folders:

  • Downloads

  • Music

  • Movies

  • Pictures

The Xcode control for enabling Downloads folder access is a checkbox; the controls for enabling access to these other folders are pop-up menus.

When you enable programmatic access to the user’s Movies folder, you also gain access to their iTunes movies.

Reopening of files by macOS using Resume does not require the presence of any entitlement key.

To enable programmatic access to specific folders, use the Xcode target editor settings shown in Table 4-3.

Table 4-3 Xcode settings for programmatic file and folder access

Setting

Entitlement keys

Downloads Folder

com.apple.security.files.downloads.read-write

Music Folder

com.apple.security.assets.music.read-only

com.apple.security.assets.music.read-write

Movies Folder

com.apple.security.assets.movies.read-only

com.apple.security.assets.movies.read-write

Pictures Folder

com.apple.security.assets.pictures.read-only

com.apple.security.assets.pictures.read-write

Enabling Security-Scoped Bookmark and URL Access

If you want to provide your sandboxed app with persistent access to file system resources, you must enable security-scoped bookmark and URL access. Security-scoped bookmarks are available starting in macOS v10.7.3.

To add the bookmarks.app-scope or bookmarks.document-scope entitlement, edit the target’s.entitlementsproperty list file using the Xcode property list editor. Use the entitlement keys shown in Table 4-4, depending on which type of access you want. Use a value of <true/> for each entitlement you want to enable. You can enable either or both entitlements.

For more information on security-scoped bookmarks, read Security-Scoped Bookmarks and Persistent Resource Access in App Sandbox Design Guide.

Table 4-4 Entitlement keys for enabling security-scoped bookmark and URL access

Entitlement key

Description

com.apple.security.files.bookmarks.app-scope

Enables use of app-scoped bookmarks and URLs

com.apple.security.files.bookmarks.document-scope

Enables use of document-scoped bookmarks and URLs.

Version note: in macOS v10.7.3, this entitlement key was named com.apple.security.files.bookmarks.collection-scope

Enabling Network Access

Xcode’s Network checkboxes in the Summary tab of the target editor let you enable network access for your app.

To enable your app to connect to a server process running on another machine (or on the same machine), enable outgoing network connections.

To enable opening a network listening socket so that other computers can connect to your app, allow incoming network connections.

Note: Both outgoing and incoming connections can send and receive data. The sole difference is in whether your app is initiating the connection or is receiving connections initiated by other apps or other hosts.

To enable network access, use the Xcode target editor settings shown in Table 4-5.

Table 4-5 Xcode settings for network access

Setting

Entitlement key

Allow Incoming Connections

com.apple.security.network.server

Allow Outgoing Connections

com.apple.security.network.client

Enabling Hardware Access

To allow a sandboxed target to access hardware services on a system—USB, printing, or the built-in camera and microphone—enable the corresponding setting in the Summary tab of the Xcode target editor.

  • Camera access enables access to video and still image capture using the built-in camera, if available.

  • Microphone access enables access to audio recording using the built-in microphone, if available.

  • USB access enables the ability to interact with USB devices using USB device access APIs. On violation, sandboxd names the I/O Kit class your code tried to access.

  • Printing access is required if you want to provide a target with the ability to print.

To enable access to hardware, use the Xcode target editor settings shown in Table 4-6.

Table 4-6 Xcode settings for hardware access

Setting

Entitlement key

Allow Camera Access

com.apple.security.device.camera

Allow Microphone Access

com.apple.security.device.audio-input

Allow USB Access

com.apple.security.device.usb

Allow Printing

com.apple.security.print

To allow access to hardware devices for which no checkbox exists in Xcode’s user interface, you must manually add the appropriate entitlement to your app’s entitlements property list. These additional entitlements are listed in Table 4-7. All of these keys take a Boolean value.

Table 4-7 Other entitlement keys for accessing hardware

Entitlement key

Description

com.apple.security.device.audio-video-bridging

Interaction with AVB devices by using the Audio Video Bridging framework

com.apple.security.device.bluetooth

Interaction with Bluetooth devices

com.apple.security.device.firewire

Interaction with FireWire devices (currently, does not support interaction with audio/video devices such as DV cameras)

com.apple.security.device.serial

Interaction with serial devices

Enabling Personal Information Access

A user’s personal information is inaccessible to your sandboxed app unless you grant access using the appropriate settings.

  • Address Book access enables read/write access to contacts in the user’s address book.

  • Location Services access enables use of the Core Location framework to determine the computer’s geographic position.

  • Calendar access enables read/write access to the user’s calendars.

To enable access to personal information, use the Xcode target editor settings shown in Table 4-8.

Table 4-8 Xcode settings for access to a user’s personal information

Setting

Entitlement key

Allow Address Book Data Access

com.apple.security.personal-information.addressbook

Allow Location Services Access

com.apple.security.personal-information.location

Allow Calendar Data Access

com.apple.security.personal-information.calendars

Adding an App to an App Group

The com.apple.security.application-groups (available in macOS v10.7.5 and v10.8.3 and later) allows multiple apps produced by a single development team to share access to a special group container. This container is intended for content that is not user-facing, such as shared caches or databases.

In addition, this attribute allows the apps within the group to share Mach and POSIX semaphores and to use certain other IPC mechanisms among the group’s members. For additional details and naming conventions, read “Mach IPC and POSIX Semaphores and Shared Memory” in App Sandbox Design Guide.

The value for this key must be of type array, and must contain one or more string values, each of which must consist of your development team ID, followed by a period, followed by an arbitrary name chosen by your development team. For example:

The group containers are automatically created or added into each app’s sandbox container as determined by the existence of these keys. The group containers are stored in ~/Library/Group Containers/<application-group-id>, where <application-group-id> is one of the strings from the array. Your app can obtain the path to the group containers by calling the containerURLForSecurityApplicationGroupIdentifier: method of NSFileManager.

Enabling App Sandbox Inheritance

If your app employs a child process created with either the posix_spawn function or the NSTask class, you can configure the child process to inherit the sandbox of its parent. However, using a child process does not provide the security afforded by using an XPC service.

Important: XPC (as described in External Tools, XPC Services, and Privilege Separation) complements App Sandbox and is the preferred technology for implementing privilege separation in an macOS app. Before using a child process, consider using an XPC service instead.

To enable sandbox inheritance, a child target must use exactly two App Sandbox entitlement keys: com.apple.security.app-sandbox and com.apple.security.inherit. If you specify any other App Sandbox entitlement, the system aborts the child process. You can, however, confer other capabilities to a child process by way of iCloud and notification entitlements.

The main app in an Xcode project must never have a YES value for the inherit entitlement.

To add the inherit entitlement, edit the target’s .entitlementsproperty list file using the Xcode property list editor. Use the entitlement key shown in Table 4-9 with a value of <true/>.

Note: This property causes the child process to inherit only the static rights defined in the main app’s entitlements file, not any rights added to your sandbox after launch (such as PowerBox access to files).

If you need to provide access to files opened after launch, you must either pass the data to the helper or pass a bookmark to the child process. The bookmark need not be a security-scoped bookmark, but it can be, if desired.

If you are using other APIs to create child processes (such as NSWorkspace) and wish to have a shared container directory, you must use an app group.

Table 4-9 Entitlement key for inheriting the parent process’s App Sandbox

Entitlement key

Description

com.apple.security.inherit

Enables App Sandbox inheritance

Enabling Scripting of Other Apps

If your app needs to control another scriptable app, your app can use the scripting targets entitlement to request access to one or more of the scriptable app’s scripting access groups.

Note: Before you can use this entitlement, the scriptable app must provide scripting access groups. If it does not, you can still control the app, but you use a temporary exception entitlement instead. In some cases, you may use both scripting-targets entitlement and a temporary entitlement together, to provide support across different versions of the OS. For more information, see Apple Event Temporary Exception.

Table 4-10 Entitlement key for accessing scripting targets

Entitlement key

Description

com.apple.security.scripting-targets

Ability to use specific AppleScript scripting access groups within a specific scriptable app

The scripting target entitlement contains a dictionary where each entry has the target app’s code signing identifier as the key, and an array of scripting access groups as the value. Scripting access groups are identified by strings and are specific to an app. For example, the following entry would grant access to composing mail messages with Apple’s Mail app:

For more information about how to add scripting access groups to an app, watch WWDC 2012: Secure Automation Techniques in OS X and read the manual page for sdef.



Copyright © 2017 Apple Inc. All Rights Reserved. Terms of Use | Privacy Policy | Updated: 2017-03-27

HomeHow to TipsHow to Manage & Rebuild Outlook Database Mac 2016 Via Outlook Profile...

When it comes to email clients, Microsoft Outlook’s name comes first as it is one of the most commonly used email clients. It acts as a personal information manager that manages user’s information in an efficient way. It manages emails, calendars, contacts, tasks, etc. and is available for both Mac and Windows. There are some features that make Outlook Mac 2016 different from Mac Outlook 2011. Outlook Mac 2016 has a more standardized look and feel and also it provides integration with OneDrive. Read to know how to rebuild Outlook database Mac 2016 profiles and how to backup Mac Outlook database.

Library Group Containers Outlook Login

In the case of Outlook Mac 2016, the performance factor has improved this is because Microsoft switched from its previous database to SQLite. Besides all this, some situations occur in which a user has to repair and rebuild the Outlook profile Mac 2016. Now, Outlook Mac 2016 user can easily repair and rebuilds the profile as Office 2016 automatically rebuilds the Outlook Mac profile if issues like Outlook data corruption occur. This is one of the main upgrades from Office 2011 for Mac, in which the user had to manually rebuild the Office database.

Location of Outlook 2011, 2016 Mac Profile

  1. For Outlook 2016 Mac: /Users/me/Library/Group Containers/123THEID.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Messages/
  2. For Outlook 2011 Mac: /Applications/Microsoft Office 2011/Office/

Easy Solution to Rebuild Outlook Database Mac 2016

The users who are facing issues with Mac Outlook Database / Profiles / Identities can try this hassle free way to repair and use Mac Outlook 2016, 2011 without any issue. This Outlook Mac Database Recovery Tool is an one-stop solution which allows users to rebuild Outlook Database Mac 2016, 2011 as well as Outlook 365 profiles. Additionally, it provides several other features as well such as 10 file format options to export data, option to preserve folder hierarchy, etc.

Let’s have a look at some of its features:

  • Rebuild Outlook Database Mac 2016, 2011 Easily
  • Repair & Export Mac Outlook Profile in 10 File Formats
  • Rebuild Database & Maintain Folder Hierarchy
  • Date & Category-Based Filter & Repair Important Data

Manage Profiles in Outlook 2016 for Mac using Outlook Profile Manager

Library Group Containers Outlook Web

In Outlook 2016 for Mac, one can manage profiles with Outlook Profile Manager. It is an inbuilt tool for Outlook Mac 2016 by using this utility one can create a new profile or delete the existing profile and much more. You can not use the Outlook Profile Manager in Outlook 2011 for Mac as it is an inbuilt utility for Outlook Mac 2016 only. Step to manage profiles in Outlook 2016 for Mac are given below:

/library/group Containers/ubf8t346g9.office/outlook

Learn How to Rebuild Outlook Database Mac 2016 Profiles Via Outlook Profile Manager

Library Group Containers Outlook Server

Follow below mentioned steps to manage and rebuild Mac Outlook 2016 profiles via Outlook profile manager.

Access Outlook Profile Manager

  1. First, you have open the Finder menu and then navigate to Applications
  2. Click on Control, in the Applications window
  3. Now, you have to click on Microsoft Outlook and choose Show Package Contents
  4. After this, navigate to Contents and then Shared Support
  5. Now, open Outlook Profile Manager

Create a New Profile for Outlook Mac 2016

  1. Once, you have opened the Outlook Profile Manager, click on the + (plus) button
  2. Now, in the text box, you have to type a name for the new profile and then press Return

Delete a Profile

  1. To delete a profile in Outlook Profile Manager, click on the profile to delete
  2. Now, you click on the – (minus) button
  3. A confirmation dialog box will appear, click on Delete in the confirmation dialog box

Set a Default Profile

Library Group Containers Outlook Download

  1. In Outlook Profile Manager set a default profile by clicking on the profile to set as default option
  2. Now, click on the gear button and choose Set as default

Steps to Rebuild Outlook Profile Mac 2011

Library Group Containers Outlook 365

To rebuild Outlook profile Mac 2011 you just have to follow the steps given below:

1. First, click on the Turn Off Office Reminders on the Outlook menu
2. Now, you have to quit all the Microsoft Office application including Outlook and Messenger for Mac also
3. Open the Microsoft Database Utility (Default Location is Applications/Microsoft Office 2011/Office)
4. After that, you have to click on the identity of the database you want to rebuild
5. Click on the Rebuild option

How to Take Backup of Mac Outlook 2016 Database?

In-spite of creating OLM file in the backend the Microsoft Outlook 2016 for Mac also stores messages and other items as an SQLite database in the directory /Users/username/Library/GroupContainers/UBF8T346G9.Office/Outlook/Outlook 15 Profiles folder. There is a functionality called Time Machine in Mac machine which automatically takes backup of computer files on a regular basis. If a user’s file gets corrupt, damaged or lost then he/she can make use of Time Machine to rebuild Outlook database Mac 2016.