authorize- Command Remove Accessors' Authority to Access Windows Resources
Valid in the native Windows environment
capamsc141
Valid in the native Windows environment
The authorize- command removes the access authority to a resource by deleting the accessors from the standard access control list. This leaves the default access to determine accessors' ability to access a particular resource.
This command also exists in the AC environment but operates differently.
This command has the following format:
{authorize-|auth-} classNameresourceName \
[gid(groupName, ...)] \ [uid(userName, ...)]
- classNameSpecifies the name of the class to whichresourceNamebelongs.
- gid(groupName)Specifies the Windows group or groups whose access authority to the resource you are setting. The valuegroupNamerepresents the name of one or more Windows groups. When specifying more than one group, separate the group names with a space or a comma.
- resourceNameSpecifies the name of the resource record to modify or add. When changing or adding more than one resource, enclose the list of resource names in parentheses and separate the resource names with a space or a comma. At least one resource name must be specified.PAM Server Controlprocesses each resource record independently in accordance with the specified parameters. If an error occurs while processing a resource,PAM Server Controlissues a message and continues processing with the next resource in the list.
- uid(userName)Specifies the Windows users whose access authority to the resource you are setting.userNameis the user name of one or more Windows users. When specifying more than one user, separate the user names with a space or a comma. To specify all users who are defined in Windows, specify an asterisk (*) foruserName.