authorize- Command Remove Accessors' Authority to Access Windows Resources

Valid in the native Windows environment
capamsc141
Valid in the native Windows environment
The authorize- command removes the access authority to a resource by deleting the accessors from the standard access control list. This leaves the default access to determine accessors' ability to access a particular resource.
This command also exists in the AC environment but operates differently.
This command has the following format:
{authorize-|auth-} classNameresourceName \
[gid(groupName, ...)] \ [uid(userName, ...)]
  • className
    Specifies the name of the class to which
    resourceName
    belongs.
  • gid(
    groupName
    )
    Specifies the Windows group or groups whose access authority to the resource you are setting. The value
    groupName
    represents the name of one or more Windows groups. When specifying more than one group, separate the group names with a space or a comma.
  • resourceName
    Specifies the name of the resource record to modify or add. When changing or adding more than one resource, enclose the list of resource names in parentheses and separate the resource names with a space or a comma. At least one resource name must be specified.
    PAM Server Control
     processes each resource record independently in accordance with the specified parameters. If an error occurs while processing a resource, 
    PAM Server Control
    issues a message and continues processing with the next resource in the list.
  • uid(
    userName
    )
    Specifies the Windows users whose access authority to the resource you are setting.
    userName
    is the user name of one or more Windows users. When specifying more than one user, separate the user names with a space or a comma. To specify all users who are defined in Windows, specify an asterisk (*) for
    userName
    .