vserver security file-directory ntfs dacl remove

Remove a DACL entry from NTFS security descriptor.

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory ntfs dacl remove command removes a discretionary access control entry from a security descriptor.

You can unambiguously define which DACL entry to remove by specifying the following four parameters in the command:

Parameters

-vserver <vserver name> - Vserver
Specifies the name of the Vserver associated with the security descriptor from which you want to remove a discretionary access control entry.
-ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name
Specifies the name of the security descriptor that contains the discretionary access control entry that you want to remove.
-access-type {deny|allow} - Allow or Deny
Specifies whether the discretionary access control entry you want to remove is an allow or deny of access control.
-account <name or sid> - Account Name or SID
Specifies the account name or SID associated with the discretionary access control entry that you want to remove.

Examples

The following example removes a DACL entry from the security descriptor named “sd2” with “allow” access type for the "BUILTIN\Administrators" account on Vserver vs1.

            cluster1::> vserver security file-directory ntfs dacl remove -ntfs-sd sd2 -access-type allow -account BUILTIN\Administrators -vserver vs1