vserver security file-directory ntfs dacl remove
Remove a DACL entry from NTFS security descriptor.
Description
The vserver security file-directory ntfs dacl remove command removes a discretionary access control entry from a security descriptor.
You can unambiguously define which DACL entry to remove by specifying the following four parameters in the command:
Vserver associated with the security descriptor that contains the DACL entry
Name of the security descriptor that contains the DACL entry
Whether the DACL is an allow or deny type of DACL entry
The account name or SID to which the DACL is applied
The vserver security file-directory ntfs dacl remove command is not supported for Vservers with Infinite Volume.
Parameters
- -vserver <vserver name> - Vserver
- Specifies the name of the Vserver associated with the security descriptor from which you want to remove a discretionary access control entry.
- -ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name
- Specifies the name of the security descriptor that contains the discretionary access control entry that you want to remove.
- -access-type {deny|allow} - Allow or Deny
- Specifies whether the discretionary access control entry you want to remove is an allow or deny of access control.
- -account <name or sid> - Account Name or SID
- Specifies the account name or SID associated with the discretionary access control entry that you want to remove.
Examples
The following example removes a DACL entry from the security descriptor named “sd2” with “allow” access type for the "BUILTIN\Administrators" account on Vserver vs1.
cluster1::> vserver security file-directory ntfs dacl remove -ntfs-sd sd2 -access-type allow -account BUILTIN\Administrators -vserver vs1