vserver security file-directory ntfs sacl remove

Contributors

Remove a SACL entry from NTFS security descriptor

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory ntfs sacl remove command removes a system access control list entry from a security descriptor.

You can unambiguously define which SACL entry to remove by specifying the following four parameters in the command:

  • Vserver associated with the security descriptor that contains the SACL entry

  • Name of the security descriptor that contains the SACL entry

  • Whether the SACL is a success or failure type of SACL entry

  • The account name or SID to which the SACL is applied

The vserver security file-directory ntfs sacl remove command is not supported for Vservers with Infinite Volume.

Parameters

-vserver <vserver name> - Vserver

Specifies the name of the Vserver associated with the security descriptor from which you want to remove the system access control list entry.

-ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name

Specifies the name of the security descriptor that contains the system access control list entry that you want to remove.

-access-type {failure|success} - Success or Failure

Specifies whether the system access control list entry that you want to remove is a failure or success access audit type.

-account <name or sid> - Account Name or SID

Specifies the account name or SID associated with the system access control list entry that you want to remove.

Examples

The following example removes a SACL entry named “sd2” on Vserver vs1 with an access type of “success” associated with the "BUILTIN\Administrators" account.

cluster1::> vserver security file-directory ntfs sacl remove -ntfs-sd sd2 -access-type success -account BUILTIN\Administrators -vserver vs1