Remove-QADPermission
From PowerGUI Wiki
Delete access control entries (ACEs) from the discretionary access control list (DACL) of a directory object or objects.
This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view information about ActiveRoles Server.
Contents |
Syntax
Remove-QADPermission [-InputPermission] <ArsPermission> [-Connection <ArsConnection>] [-ConnectionAccount <string>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Proxy] [-Service <string>] [-UseGlobalCatalog] [-Confirm] [-WhatIf] [<CommonParameters>]
Detailed Description
Use this cmdlet to delete access control entries (ACEs) from the discretionary access control list (DACL) of an object or objects in the directory (directory objects).
The objects representing ACEs to remove can be passed to this cmdlet through the pipeline. You can have Get-QADPermission retrieve ACEs and then pass the output of that cmdlet to the Add-QADPermission cmdlet so as to delete ACEs from the directory object or objects from which the ACEs have been retrieved (see examples).
The cmdlet has optional parameters that determine the server and the security context for the operation. The connection parameters could be omitted since a connection to a server is normally established prior to using this cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| InputPermission | This parameter is used to identify the object or objects representing the ACEs to delete. The parameter accepts parameter values from the pipeline. Thus, when you use pipelining to pass to this cmdlet the objects returned by the Get-QADPermission cmdlet, you should not supply this parameter on the command line (see examples). Another option is to save the object in a variable and then supply that variable as a parameter value. | true | true (ByValue) | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false | |
| WhatIf | Describes what would happen if you executed the command without actually executing the command. | false | false |
Examples
EXAMPLE 1
Get-QADPermission 'DistinguishedNameOfObject' -Deny | Remove-QADPermission
Description
Delete all the deny-type ACEs that are configured on a given directory object (not including the inherited ACEs or the schema default ACEs).
