vserver security file-directory ntfs dacl remove
Remove a DACL entry from NTFS security descriptor.
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security file-directory ntfs dacl remove command removes a discretionary access control entry from a security descriptor.
You can unambiguously define which DACL entry to remove by specifying the following four parameters in the command:
- Vserver associated with the security descriptor that contains the DACL entry
- Name of the security descriptor that contains the DACL entry
- Whether the DACL is an allow or deny type of DACL entry
- The account name or SID to which the DACL is applied
Parameters
- -vserver <vserver name> - Vserver
- Specifies the name of the Vserver associated with the security descriptor from which you want to remove a discretionary access control entry.
- -ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name
- Specifies the name of the security descriptor that contains the discretionary access control entry that you want to remove.
- -access-type {deny|allow} - Allow or Deny
- Specifies whether the discretionary access control entry you want to remove is an allow or deny of access control.
- -account <name or sid> - Account Name or SID
- Specifies the account name or SID associated with the discretionary access control entry that you want to remove.
Examples
The following example removes a DACL entry from the security descriptor named “sd2” with “allow” access type for the "BUILTIN\Administrators" account on Vserver vs1.
cluster1::> vserver security file-directory ntfs dacl remove -ntfs-sd sd2 -access-type allow
-account BUILTIN\Administrators -vserver vs1
Give documentation feedback