Valid in the AC environment
Use the authorize- command to remove accessors from the access control lists (ACLs) of a resource.
Note: This command also exists in the native Windows environment but operates differently there.
You need the same access authority to use the authorize- command as you do to use the authorize command.
The authorize- command has different formats for different sets of classes. These sets are:
This command has the following format for the TCP class:
{authorize-|auth-} TCP tcpServiceName \
{gid |uid |xgid |xuid } (accessorName [,accessorName]...) \
[host(hostName [,hostName]...)] \
[ghost(ghostName [,ghostName]...)] \
[hostnet(hostNetName [,hostNetName]...)] \
[hostnp(hostNamePattern [,hostNamePattern]...)]
This command has the following format for the HOST, GHOST, HOSTNET, and HOSTNP classes:
{authorize-|auth-} className stationName \
service({serviceName | serviceNumber |serviceNumberRange})
This command has the following format for all remaining classes:
{authorize-|auth-} className resourceName \
[{access-|deniedaccess-}] \
[calendar(calendarName)] \
{gid |uid |xgid |xuid } (accessorName [,accessorName]...)
access-
Specifies that the command should remove accessors from the resource ACL (which grants access authorities), rather than from the NACL.
If neither access- nor deniedaccess- is specified, the command removes the accessors from both ACLs.
calendar(calendarName)
Removes the calendar specified for determining access authority.
className
Specifies the name of the class to which resourceName belongs.
deniedaccess-
Specifies that the command should remove accessors from the resource NACL (which denies access authority), rather than from the ACL.
gid(accessorName [,accessorName]...)
Defines one or more internal groups whose entries are to be removed. Separate each accessor with a comma or space.
ghost(ghostName [,ghostName]...)
Specifies the name of an object in class GHOST.
host(hostName [,hostName]...)
Specifies the name of an object in class HOST.
hostnet(hostNetName [,hostNetName]...)
Specifies the name of an object in class HOSTNET.
hostnp(hostNamePattern [,hostNamePattern]...)
Specifies a pattern defined in class HOSTNP.
Specifies whether to remove values from the system ACLs in Windows.
Valid for the FILE class only.
resourceName
Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.
service({serviceName | serviceNumber | serviceNumberRange})
Defines the services you want to remove from an ACL.
stationName
Specifies the record name within the indicated class, as follows:
For hosts that cannot be resolved, specify the IP address range.
serviceNumber |serviceNumberRange
Defines the service number or range.
Specify the range as two integers separated by a hyphen (-), for example, 1-99.
Limits: An integer in the range 0 to 65535
uid(accessorName [,accessorName]...)
Defines one or more internal users whose entries are to be removed. Separate each accessor with a comma or space.
You can use uid(*) to specify all internal users.
Specifies whether to remove values from the system ACLs in UNIX.
Valid only on UNIX environments that support ACLs, and only for records in the FILE class.
xuid(accessorName [,accessorName]...)
Defines one or more enterprise users whose entries are to be removed. Separate each accessorName with a comma or space.
xgid(accessorName [,accessorName]...)
Defines one or more enterprise groups whose entries are to be removed. Separate each accessor with a comma or space.
Example: Remove a group authority to access a file
The following command removes the group research from both the ACL and NACL of the file covered by the resource /products/new:
auth- FILE /products/new xgid(research)
The research group now has the default access to the file.
Copyright © 2013 CA Technologies.
All rights reserved.