join- Command Remove Users from Native Groups (Windows)
Valid in the native environments
capamsc141
Valid in the native environments
The join- command removes users from a group.
This command also exists in the AC environment but operates differently.
To use the join- command, one of the following conditions must be true:
- You have the ADMIN attribute.
- The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.
- You are the owner of the group record in the database.
- You have JOIN or MODIFY access authority in the access control list of the GROUP record in the ADMIN class.
If you only have ownership of the user's profile, you do not have sufficient authority to remove the user from a group. Both the MODIFY and JOIN properties are required if an ADMIN is to have the authority to modify
PAM Server Control
records and native groupsThis command has the following format:
{join-|j-} userName group(groupName)
- group(groupName)Specifies the native group from which to remove the user.
- userNameSpecifies the user name of the user you want to remove from the group. When removing more than one user from the group, enclose the list of user names in parentheses and separate the user names with a space or a comma.
Example
The user Bill wants to remove the users sales25 and sales43 from the PAYROLL group.
- The user Bill has the ADMIN attribute and the current environment isnative.
join- (sales25 sales43) group(PAYROLL)