aa deleteaclentry
deletes ACL entries on the Integrity Lifecycle Manager Server
Synopsis
aa deleteaclentry [--acl=name] [--[no]confirm] [--hostname=server] [--port=number] [--password=password] [--user=name] [(-?|--usage)] [(-F file|--selectionFile=file)] [(-N|--no)] [(-Y|--yes)] [--[no]batch] [--cwd=directory] [--forceConfirm=[yes|no]] [(-g|--gui)] [--quiet] [--settingsUI=[gui|default]] [--status=[none|gui|default]] ACL entry...
Description
aa deleteaclentry deletes ACL entries on a specified Integrity Lifecycle Manager Server. For example,
aa deleteaclentry --acl=mks:si:project:id:MKSProjects:DemoApplication g=developers:AddMember,CheckIn
deletes the AddMember and CheckIn permissions for a group named developers, within the ACL for the DemoApplication configuration management project.
Options
This command takes the universal options available to all
aa commands, as well as some general options. See the
options reference page for descriptions.
• --acl=name
the ACL name.
The following server-level ACLs are shipped by default: mks default server level ACL providing root level administrative control over the Integrity Lifecycle Manager Server; mks:aa controlling login access to the ACLs; mks:aa:mks allowing read and update access for managing the ACLs; mks:patch controlling access to the administration of service packs; mks:im controlling access to workflow and document management; and mks:si controlling access to configuration management. For configuration management, you work with project ACLs that control the permissions for a particular directory. Working with member ACLs is also possible, which control permissions for specific files -- this would be for those rare circumstances where security on specific, individual files must be heavily controlled and where the administrative costs are known and accepted.
|
The mks ACL cannot be deleted and the ACL entries cannot be removed.
|
The ACL name itself follows a specific hierarchical format:
The default server-level ACL is named mks:si. All project and member ACLs will inherit permissions from this one.
Project-level ACL names include a specific prefix, taking the format mks:si:project:id:<project directory>. The project directory is relative to the root of the Integrity Lifecycle Manager Server.
Subproject ACLs have the same format as projects, simply appending the subdirectories using colons (:) instead of slashes.
Variant project ACLs have a slightly different prefix, taking the format mks:si:project:devpath:<devpathname>:id.
Member ACLs simply specify the file name in the ACL name, such as mks:si:project:id:<project directory>:<member file name>.
• ACL entry...
identifies one or more ACL entries you want to delete. Separate multiple entries with a space.
The entry consists of two main elements: u= or g= for identifying the principal (user or group), then a colon (:) followed by the comma-separated list of permissions you want to delete.
The principal is listed as u= or g=, representing user or group. For example, u=mkern or g=developers.
The comma-separated list of permissions are taken from those listed on the
ACL reference page. Remember to precede the list of permissions with a colon (:) to identify it with the principal. For example, specifying
g=developers:AddLabel,BreakLock u=mkern:OpenProject would delete
AddLabel and
BreakLock ACL permissions for a group named
developers, and the
OpenProject ACL permission for a user named
mkern.
Diagnostics
See the
diagnostics reference page for possible exit status values.
See Also