authorize- Command: Remove Access Authorities from a Resource

Valid in the AC environment
Use the authorize- command to remove accessors from the access control lists (ACLs) of a resource.
This command also exists in the native Windows environment but operates differently there.
You need the same access authority to use the authorize- command as you do to use the authorize command.
The authorize- command has different formats for different sets of classes. These sets are:
  • TCP
  • HOST, GHOST, HOSTNET, and HOSTNP
  • All other classes
This command has the following format for the TCP class:
{authorize-|auth-} TCP tcpServiceName \
{gid |uid |xgid |xuid } (accessorName [,accessorName]...) \
[host(hostName [,hostName]...)] \
[ghost(ghostName [,ghostName]...)] \
[hostnet(hostNetName [,hostNetName]...)] \
[hostnp(hostNamePattern [,hostNamePattern]...)]
This command has the following format for the HOST, GHOST, HOSTNET, and HOSTNP classes:
{authorize-|auth-} className stationName \
service({serviceName | serviceNumber |serviceNumberRange})
This command has the following format for all remaining classes:
{authorize-|auth-} className resourceName \
[{access-|deniedaccess-}] \
[calendar(calendarName)] \
{gid |uid |xgid |xuid } (accessorName [,accessorName]...)
  • access-
    Specifies that the command should remove accessors from the resource ACL (which grants access authorities), rather than from the NACL.
    If neither access- nor deniedaccess- is specified, the command removes the accessors from both ACLs.
  • calendar(calendarName)
    Removes the calendar specified for determining access authority.
  • className
    Specifies the name of the class to which resourceName belongs.
  • deniedaccess-
    Specifies that the command should remove accessors from the resource NACL (which denies access authority), rather than from the ACL.
  • gid (accessor [,accessor]...)
    Defines one or more internal groups whose entries are to be removed. Separate each accessor with a comma or space.
  • ghost(ghostName)
    Specifies the name of an object in class GHOST.
  • host(hostName)
    Specifies the name of an object in class HOST.
  • hostnet(hostNetName)
    Specifies the name of an object in class HOSTNET.
  • hostnp(hostNamePattern)
    Specifies a pattern defined in class HOSTNP.
  • nt
    Specifies whether to remove values from the system ACLs in Windows.
    Valid for the FILE class only.
  • resourceName
    Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.
  • service(serviceName | serviceNumber | serviceNumberRange)
    Defines the services you want to remove from an ACL.
  • stationName
    Specifies the record name within the indicated class, as follows:
    • HOST
      Name of a single station.
    • GHOST
      Name of a group of hosts as defined in the database by the ghost command.
    • HOSTNET
      Name of a group of hosts as defined by a set of mask and match values for the IP address.
    • HOSTNP
      Name of a group of hosts as defined by a name pattern.
    For hosts that cannot be resolved, specify the IP address range.
  • serviceNumber | serviceNumberRange
    Defines the service number or range.
    Specify the range as two integers separated by a hyphen (-), for example, 1-99.
    Limits: An integer in the range 0 to 65535
  • uid (accessor [,accessor]...)
    Defines one or more internal users whose entries are to be removed. Separate each accessor with a comma or space.
    You can use uid(*) to specify all internal users.
  • unix
    Specifies whether to remove values from the system ACLs in UNIX.
    Valid only on UNIX environments that support ACLs, and only for records in the FILE class.
  • xgid (accessor [,accessor]...)
    Defines one or more enterprise groups whose entries are to be removed. Separate each accessor with a comma or space.
  • xuid (accessor [,accessor]...)
    Defines one or more enterprise users whose entries are to be removed. Separate each accessor with a comma or space.
Example: Remove a group authority to access a file
The following command removes the group research from both the ACL and NACL of the file covered by the resource /products/new:
auth- FILE /products/new xgid(research)
The research group now has the default access to the file.
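The following is an added example, not part of the original page or of the product's own tooling: a Python helper that assembles a single-line auth- command in the format given above for each of the three class sets and checks service numbers against the 0 to 65535 limit before anything is sent to the command shell. The function name, its parameters and the allow-list of name characters are assumptions; calendar() is not covered.

```python
import re

HOST_CLASSES = {"HOST", "GHOST", "HOSTNET", "HOSTNP"}
ACCESSOR_KEYWORDS = ("gid", "uid", "xgid", "xuid")
HOST_KEYWORDS = ("host", "ghost", "hostnet", "hostnp")
# Assumption: a conservative allow-list for names, so that no value can add
# parentheses, whitespace or extra tokens to the generated command line.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.*/:-]+")


def _names(values):
    values = list(values)
    if not values or not all(SAFE_NAME.fullmatch(v or "") for v in values):
        raise ValueError(f"empty or unsafe name list: {values!r}")
    return ",".join(values)


def _service(spec):
    # serviceNumber or serviceNumberRange: integers in the range 0 to 65535.
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec or "")
    if m is None:
        return _names([spec])  # anything else is treated as a serviceName
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if high > 65535 or low > high:  # low <= high is an assumption
        raise ValueError(f"service number outside 0-65535: {spec}")
    return spec


def build_auth_minus(class_name, record, kind=None, accessors=(),
                     service=None, scope=None, hosts=None):
    """Return one auth- line in the format the page gives for class_name."""
    parts = ["auth-", _names([class_name]), _names([record])]
    if class_name in HOST_CLASSES:  # HOST, GHOST, HOSTNET, HOSTNP format
        parts.append(f"service({_service(service)})")
        return " ".join(parts)
    if kind not in ACCESSOR_KEYWORDS:
        raise ValueError(f"accessor keyword must be one of {ACCESSOR_KEYWORDS}")
    if class_name == "TCP":  # TCP format, with optional host restrictions
        parts.append(f"{kind}({_names(accessors)})")
        for key in HOST_KEYWORDS:
            if hosts and key in hosts:
                parts.append(f"{key}({_names(hosts[key])})")
        return " ".join(parts)
    if scope is not None:  # all other classes: omit scope to clear both lists
        if scope not in ("access-", "deniedaccess-"):
            raise ValueError("scope must be access- or deniedaccess-")
        parts.append(scope)
    parts.append(f"{kind}({_names(accessors)})")
    return " ".join(parts)
```

Calling build_auth_minus("FILE", "/products/new", kind="xgid", accessors=["research"]) reproduces the command in the example above.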