application commands
vserver security file-directory ntfs sacl remove
Suggest changes
-
PDF of this doc site
Collection of separate PDF docs
Creating your file...
Remove a SACL entry from NTFS security descriptor
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory ntfs sacl remove command removes a system access control list entry from a security descriptor.
You can unambiguously define which SACL entry to remove by specifying the following four parameters in the command:
-
Vserver associated with the security descriptor that contains the SACL entry
-
Name of the security descriptor that contains the SACL entry
-
Whether the SACL is a success or failure type of SACL entry
-
The account name or SID to which the SACL is applied
The vserver security file-directory ntfs sacl remove command is not supported for Vservers with Infinite Volume.
Parameters
-vserver <vserver name>- Vserver-
Specifies the name of the Vserver associated with the security descriptor from which you want to remove the system access control list entry.
-ntfs-sd <ntfs sd name>- NTFS Security Descriptor Name-
Specifies the name of the security descriptor that contains the system access control list entry that you want to remove.
-access-type {failure|success}- Success or Failure-
Specifies whether the system access control list entry that you want to remove is a
failureorsuccessaccess audit type. -account <name or sid>- Account Name or SID-
Specifies the account name or SID associated with the system access control list entry that you want to remove.
Examples
The following example removes a SACL entry named “sd2” on Vserver vs1 with an access type of “success” associated with the "BUILTIN\Administrators" account.
cluster1::> vserver security file-directory ntfs sacl remove -ntfs-sd sd2 -access-type success -account BUILTIN\Administrators -vserver vs1