Skip to Content

pw acl deny

The pw acl deny command denies read/write access to CIs for specified user groups. The syntax for the command is as follows:

pw acl deny  -r [ALL | <UserGroup>]  -w [ALL | <UserGroup> ] -ci <criteria> [-p [-o<FileName>] ]
Warning

Note

If the user group name contains a space, the name must be enclosed in double quotation marks for successful execution, for example <"User ops">. A user group name without spaces does not require quotation marks, for example <UserOps>.

Run this command with any combination of the following options:

  • help — Prints a help message

  • -r — Used to specify a Read group name. For example, ReadUg1. The keyword ALL can be used to deny read access to all user groups instead of denying access to specific groups.

    Warning

    Note

    To deny read access to multiple Read groups in Local Read Level Security, the -r option must be specified multiple times.
    At least one -r or -w option must be specified.

  • -w — Used to specify a Write group name. For example, WriteUg1. The keyword ALLcan be used to deny write access to all user groups instead of denying access to specific groups.

    Warning

    Note

    To deny write access to multiple Write groups in Local Write Level Security, the -w option must be specified multiple times.
    At least one -r or -w option must be specified.

  • -p — (Optional) Used to preview the modification before it is actually made

  • -o— Stores CSV-formatted preview output in a specified file

    Warning

    Note

    -o option is valid only when -p is specified. The CIs are listed on the console unless -p is specified.

  • -ci — Used to specify criteria to find CIs. See pw-acl-allow.

Examples

  • pw acl help — Displays help information on the pw acl command
  • pw acl deny help — Displays help information on pw acl deny subcommand
  • pw acl deny -w UG4 -ci notenant -p — Remove UG4 from Local Write ACL of all CIs not associated with tenant. -p and -o options are applicable to preview the change before actual modification.
  • pw acl deny -r ALL -w ALL -ci notenan — In this example, the keyword ALL is case-sensitive to make Local Read and Write ACLs empty for all CIs not associated with the tenant. -p and -o options are applicable to preview the change before actual modification.

Output

Console Output Format
If no file name is specified in the command (with the -o option), the output is displayed on the console. Due to limited space, only the following attributes are displayed:
mc_udid, Name, PNReadAcl, PNWriteAcl

CSV Format
More attributes are available in CSV format, including:
mc_udid, Name, CLASS, PNReadAcl, PNWriteAcl, CmdbReadACl, CmbdWriteAcl

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC ProactiveNet 9.6