authorize- Command: Remove Access Authorities from a Resource
Valid in the AC environment
Use the authorize- command to remove accessors from the access control lists (ACLs) of a resource.
This command also exists in the native Windows environment but operates differently there.
You need the same access authority to use the authorize- command as you do to use the authorize command.
The authorize- command has different formats for different sets of classes. These sets are:
- TCP
- HOST, GHOST, HOSTNET, and HOSTNP
- All other classes
This command has the following format for the TCP class:
{authorize-|auth-} TCP tcpServiceName \
{gid | uid | xgid | xuid}(accessorName [,accessorName]...) \
[host(hostName [,hostName]...)] \
[ghost(ghostName [,ghostName]...)] \
[hostnet(hostNetName [,hostNetName]...)] \
[hostnp(hostNamePattern [,hostNamePattern]...)]
This command has the following format for the HOST, GHOST, HOSTNET, and HOSTNP classes:
{authorize-|auth-} className stationName \
service({serviceName | serviceNumber | serviceNumberRange})
This command has the following format for all remaining classes:
{authorize-|auth-} className resourceName \
[{access-|deniedaccess-}] \
[calendar(calendarName)] \
{gid | uid | xgid | xuid}(accessorName [,accessorName]...)
- access-
  Specifies that the command should remove accessors from the resource ACL (which grants access authorities), rather than from the NACL. If neither access- nor deniedaccess- is specified, the command removes the accessors from both ACLs.
- calendar(calendarName)
  Removes the calendar specified for determining access authority.
- className
  Specifies the name of the class to which resourceName belongs.
- deniedaccess-
  Specifies that the command should remove accessors from the resource NACL (which denies access authority), rather than from the ACL.
- gid (accessor[,accessor]...)
  Defines one or more internal groups whose entries are to be removed. Separate each accessor with a comma or space.
- ghost(ghostName)
  Specifies the name of an object in class GHOST.
- host(hostName)
  Specifies the name of an object in class HOST.
- hostnet(hostNetName)
  Specifies the name of an object in class HOSTNET.
- hostnp(hostNamePattern)
  Specifies a pattern defined in class HOSTNP.
- nt
  Specifies whether to remove values from the system ACLs in Windows. Valid for the FILE class only.
- resourceName
  Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.
- service(serviceName|serviceNumber|serviceNumberRange)
  Defines the services you want to remove from an ACL.
- stationName
  Specifies the record name within the indicated class, as follows:
  - HOST
    Name of a single station.
  - GHOST
    Name of a group of hosts as defined in the database by the ghost command.
  - HOSTNET
    Name of a group of hosts as defined by a set of mask and match values for the IP address.
  - HOSTNP
    Name of a group of hosts as defined by a name pattern.
- serviceNumber | serviceNumberRange
  Defines the service number or range. Specify the range as two integers separated by a - (hyphen), for example, 1-99.
  Limits: An integer in the range 0 to 65535
- uid (accessor[,accessor]...)
  Defines one or more internal users whose entries are to be removed. Separate each accessor with a comma or space. You can use uid(*) to specify all internal users.
- unix
  Specifies whether to remove values from the system ACLs in UNIX. Valid only on UNIX environments that support ACLs, and only for records in the FILE class.
- xgid (accessor[,accessor]...)
  Defines one or more enterprise groups whose entries are to be removed. Separate each accessor with a comma or space.
- xuid (accessor[,accessor]...)
  Defines one or more enterprise users whose entries are to be removed. Separate each accessor with a comma or space.
Example: Remove a group authority to access a file
The following command removes the group research from both the ACL and NACL of the file covered by the resource /products/new:
auth- FILE /products/new xgid(research)
The research group now has the default access to the file.
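When revocations are scripted (for example during offboarding), the three formats above can be selected and validated before any command reaches selang. The following is an added example, not part of the product documentation: `build_auth_remove` and its parameters are hypothetical names, the allowed-character rule is an assumption, and the calendar, nt and unix options are left out.

```python
import re

HOST_CLASSES = {"HOST", "GHOST", "HOSTNET", "HOSTNP"}
ACCESSOR_KINDS = {"gid", "uid", "xgid", "xuid"}
TCP_SCOPES = {"host", "ghost", "hostnet", "hostnp"}
# Assumption: names are restricted to a conservative character set, because
# the page does not describe quoting and input must not add selang tokens.
SAFE_NAME = re.compile(r"[\w.*/-]+")

def _names(values):
    """Validate names and join them as a comma-separated argument list."""
    values = list(values)
    if not values:
        raise ValueError("at least one name is required")
    for value in values:
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unsafe name: {value!r}")
    return ",".join(values)

def _service(service):
    """Accept a service name, a number, or a range such as 1-99."""
    if service is None:
        raise ValueError("host classes require service(...)")
    text = str(service)
    numeric = re.fullmatch(r"(\d+)(?:-(\d+))?", text)
    if numeric is None:
        return _names([text])
    if any(int(n) > 65535 for n in numeric.groups() if n is not None):
        raise ValueError(f"service number outside 0-65535: {text}")
    return text

def build_auth_remove(class_name, resource, kind=None, accessors=(),
                      acl=None, service=None, scopes=None):
    """Return one auth- command in the format the class requires."""
    cls = class_name.upper()
    head = f"auth- {_names([cls])} {_names([resource])}"
    if cls in HOST_CLASSES:  # HOST, GHOST, HOSTNET, HOSTNP: service(...) only
        return f"{head} service({_service(service)})"
    if kind not in ACCESSOR_KINDS:
        raise ValueError(f"accessor kind must be one of {sorted(ACCESSOR_KINDS)}")
    who = f"{kind}({_names(accessors)})"
    if cls == "TCP":  # TCP: accessors plus optional host scopes
        scopes = scopes or {}
        if set(scopes) - TCP_SCOPES:
            raise ValueError("unknown TCP scope keyword")
        return head + " " + who + "".join(
            f" {key}({_names(val)})" for key, val in scopes.items())
    if acl not in (None, "access-", "deniedaccess-"):
        raise ValueError("acl must be access-, deniedaccess- or None")
    return " ".join(part for part in (head, acl, who) if part)
```

Leaving `acl` as `None` produces the form that removes the accessor from both the ACL and the NACL, as in the documented FILE example.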