rm x grp Command Delete Group Records
Valid in the AC environment
capamsc141
Valid in the AC environment
The rmgrp and rmxgrp commands remove one or more groups from
Privileged Access Manager
and, optionally, from the native environment. There may be occurrences in the database of the group's group ID that the rmgrp command does not delete. For example, the group could be the owner of another group, the owner of other records, or in an access control list for a resource. Use the chgrp, chusr, chres, and authorize commands, as required, to manually change ownership and remove access authorities relating to the group record you want to delete. Alternatively, use the sepurgedb utility to clean up inconsistencies in the database automatically.
The rmgrp command also exists in the native environment but operates differently there.
To use the rmgrp command, at least one of the following is required:
- You have the ADMIN attribute.
- The group to be deleted is within the scope of a group in which you have the GROUP-ADMIN attribute.
- You are the owner of the group to be deleted.
- You are assigned DELETE authority in the GROUP record of the AUDIT class.
This command has the following format:
{rmgrp|rg | rmxgrp|rxg} { groupName | (groupName [,groupName...]) } [unix|nt]
- groupNameSpecifies thePrivileged Access Managergroup to be deleted.
- nt(Optional) Deletes a group from the local Windows database in addition to deleting the group from thePrivileged Access Managerdatabase.
- unix(Optional) Deletes a group from the local UNIX system in addition to deleting the group from thePrivileged Access Managerdatabase.
Example
The user Joe wants to delete the groups DEPT1 and DEPT2 from the database.
- The user Joe has GROUP-ADMIN authority to the SALES group.
- The groups DEPT1 and DEPT2 are owned by the SALES group.
rmxgrp (DEPT1, DEPT2)