vserver security file-directory ntfs sacl remove

Remove a SACL entry from NTFS security descriptor

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory ntfs sacl remove command removes a system access control list entry from a security descriptor.

You can unambiguously define which SACL entry to remove by specifying the following four parameters in the command:

Parameters

-vserver <vserver name> - Vserver
Specifies the name of the Vserver associated with the security descriptor from which you want to remove the system access control list entry.
-ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name
Specifies the name of the security descriptor that contains the system access control list entry that you want to remove.
-access-type {failure|success} - Success or Failure
Specifies whether the system access control list entry that you want to remove is a failure or success access audit type.
-account <name or sid> - Account Name or SID
Specifies the account name or SID associated with the system access control list entry that you want to remove.

Examples

The following example removes a SACL entry named “sd2” on Vserver vs1 with an access type of “success” associated with the "BUILTIN\Administrators" account.

            cluster1::> vserver security file-directory ntfs sacl remove -ntfs-sd sd2 -access-type success -account BUILTIN\Administrators -vserver vs1