vserver security file-directory ntfs dacl remove
Suggest changes
PDFs
Remove a DACL entry from NTFS security descriptor.
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory ntfs dacl remove command removes a discretionary access control entry from a security descriptor.
You can unambiguously define which DACL entry to remove by specifying the following four parameters in the command:
-
Vserver associated with the security descriptor that contains the DACL entry
-
Name of the security descriptor that contains the DACL entry
-
Whether the DACL is an allow or deny type of DACL entry
-
The account name or SID to which the DACL is applied
Parameters
-vserver <vserver name>- Vserver-
Specifies the name of the Vserver associated with the security descriptor from which you want to remove a discretionary access control entry.
-ntfs-sd <ntfs sd name>- NTFS Security Descriptor Name-
Specifies the name of the security descriptor that contains the discretionary access control entry that you want to remove.
-access-type {deny|allow}- Allow or Deny-
Specifies whether the discretionary access control entry you want to remove is an
allowordenyof access control. -account <name or sid>- Account Name or SID-
Specifies the account name or SID associated with the discretionary access control entry that you want to remove.
Examples
The following example removes a DACL entry from the security descriptor named “sd2” with “allow” access type for the "BUILTIN\Administrators" account on Vserver vs1.
cluster1::> vserver security file-directory ntfs dacl remove -ntfs-sd sd2 -access-type allow -account BUILTIN\Administrators -vserver vs1