CLI Reference > Server Administration Commands > aa deleteaclentry
aa deleteaclentry
deletes ACL entries on the Windchill RV&S Server
aa deleteaclentry [--acl=name] [--[no]confirm] [--hostname=server] [--port=number] [--password=password] [--user=name] [(-?|--usage)] [(-F file|--selectionFile=file)] [(-N|--no)] [(-Y|--yes)] [--[no]batch] [--cwd=directory] [--forceConfirm=[yes|no]] [(-g|--gui)] [--quiet] [--settingsUI=[gui|default]] [--status=[none|gui|default]] ACL entry...
aa deleteaclentry deletes ACL entries on a specified Windchill RV&S Server. For example,
aa deleteaclentry --acl=mks:si:project:id:MKSProjects:DemoApplication g=developers:AddMember,CheckIn
deletes the AddMember and CheckIn permissions for a group named developers, within the ACL for the DemoApplication configuration management project.
This command takes the universal options available to all aa commands, as well as some general options. See the options reference page for descriptions.
the ACL name.
The following server-level ACLs are shipped by default: mks default server level ACL providing root level administrative control over the Windchill RV&S Server; mks:aa controlling login access to the ACLs; mks:aa:mks allowing read and update access for managing the ACLs; mks:patch controlling access to the administration of service packs; mks:im controlling access to workflow and document management; and mks:si controlling access to configuration management. For configuration management, you work with project ACLs that control the permissions for a particular directory. Working with member ACLs is also possible, which control permissions for specific files -- this would be for those rare circumstances where security on specific, individual files must be heavily controlled and where the administrative costs are known and accepted.
The mks ACL cannot be deleted and the ACL entries cannot be removed.
The ACL name itself follows a specific hierarchical format:
The default server-level ACL is named mks:si. All project and member ACLs will inherit permissions from this one.
Project-level ACL names include a specific prefix, taking the format mks:si:project:id:<project directory>. The project directory is relative to the root of the Windchill RV&S Server.
Subproject ACLs have the same format as projects, simply appending the subdirectories using colons (:) instead of slashes.
Variant project ACLs have a slightly different prefix, taking the format mks:si:project:devpath:<devpathname>:id.
Member ACLs simply specify the file name in the ACL name, such as mks:si:project:id:<project directory>:<member file name>.
ACL entry...
identifies one or more ACL entries you want to delete. Separate multiple entries with a space.
The entry consists of two main elements: u= or g= for identifying the principal (user or group), then a colon (:) followed by the comma-separated list of permissions you want to delete.
The principal is listed as u= or g=, representing user or group. For example, u=mkern or g=developers.
The comma-separated list of permissions are taken from those listed on the ACL reference page. Remember to precede the list of permissions with a colon (:) to identify it with the principal. For example, specifying g=developers:AddLabel,BreakLock u=mkern:OpenProject would delete AddLabel and BreakLock ACL permissions for a group named developers, and the OpenProject ACL permission for a user named mkern.
See the diagnostics reference page for possible exit status values.
See Also
Commands: aa acls, aa addaclentry, aa deleteacl, aa viewacl
Miscellaneous: ACL, diagnostics, options