Administrator's Reference

REVOKE AUTHORITY (Remove Administrator Authority)

Use the REVOKE AUTHORITY command to revoke one or more privilege classes from an administrator. You can also use this command to reduce the number of policy domains to which a restricted policy administrator has authority. This command can also be used to reduce the number of storage pools to which a restricted storage administrator has authority.

At least one administrator must have system privilege; therefore, if the administrator is the only one with system privilege, you cannot revoke his or her authority.

To change an unrestricted policy administrator to a restricted policy administrator, you must first use this command to revoke the unrestricted privilege. Then, use the GRANT AUTHORITY command to grant the administrator restricted policy privilege and to identify the policy domains to which the administrator has authority.

To change an unrestricted storage administrator to a restricted storage administrator, you must first use this command to revoke the unrestricted privilege. Then, use the GRANT AUTHORITY command to grant the administrator restricted storage privilege and to identify the storage pools to which the administrator has authority.

Privilege Class

To issue this command, you must have system privilege.

Syntax

>>-REVoke AUTHority--adminname---------------------------------->
 
>---+-------------------------------------+--------------------->
    |                  .-,------------.   |
    |         (1)      V              |   |
    '-CLasses-------=----+-SYstem---+-+---'
                         +-Policy---+
                         +-STorage--+
                         +-Operator-+
                         '-Analyst--'
 
>---+---------------------------------------+------------------->
    |                  .-,--------------.   |
    |         (1)      V                |   |
    '-DOmains-------=------domainname---+---'
 
>---+--------------------------------------+-------------------><
    |                   .-,------------.   |
    |          (1)      V              |   |
    '-STGpools-------=------poolname---+---'

1	If all these parameters are omitted, all administrator privileges will be revoked for this administrator.

Parameters

adminname

Specifies the name of the administrator whose administrative privilege is to be revoked. This parameter is required.

CLasses=classes

Specifies one or more administrative privilege classes to be revoked. You can specify more than one class by delimiting each with a comma.

SYstem: Indicates that system authority is to be revoked for this administrator. If CLASSES=SYSTEM is specified, no other classes can be specified, and the DOMAINS and STGPOOLS parameters cannot be specified.
Policy: Indicates that policy privilege is to be revoked for this administrator. To revoke all policy privilege, specify CLASSES=POLICY and do not specify the DOMAINS parameter.
STorage: Indicates that storage privilege is to be revoked for this administrator. To revoke all storage privilege, specify CLASSES=STORAGE and do not specify the STGPOOLS parameter.
Operator: Indicates that operator privilege is to be revoked for this administrator.
Analyst: Indicates that analyst privilege is to be revoked for this administrator.

DOmains=domainlist

Specifies a list of policy domains that can no longer be managed by a restricted policy administrator. (The administrator had been authorized to manage these domains until the REVOKE command was issued.) This parameter is optional. The items in the list are separated by commas, with no intervening spaces. You can use a pattern-matching expression to specify a name. Authority for all matching domains will be revoked. If DOMAINS is specified, the parameter CLASSES=POLICY is optional.

STGpools=poollist

Specifies a list of storage pools that can no longer be managed by a restricted policy administrator. (The administrator had been authorized to manage these storage pools until the REVOKE command was issued.) This parameter is optional. The items in the list are separated by commas, with no intervening spaces. You can use a pattern-matching expression to specify a name. Authority for all matching storage pools will be revoked. If STGPOOLS is specified then the parameter CLASSES=STORAGE is optional.

Usage Notes

If you use the REVOKE AUTHORITY command without the CLASSES, DOMAINS, and STGPOOLS parameters, you will revoke all privileges for the specified administrator.
You can revoke unrestricted policy privilege from an administrator by specifying the CLASSES=POLICY parameter. You cannot use the DOMAINS parameter to revoke authority for selected domains from an unrestricted policy administrator.
You can revoke unrestricted storage privilege from an administrator by specifying the CLASSES=STORAGE parameter. You cannot use the STGPOOLS parameter to revoke authority for selected storage pools from an unrestricted storage administrator.

Examples

Task 1

Revoke part of administrator CLAUDIA's privileges. CLAUDIA has restricted policy privilege for the policy domains EMPLOYEE_RECORDS and PROG1. Restrict CLAUDIA's policy privilege to the EMPLOYEE_RECORDS policy domain.

Command:: revoke authority claudia classes=policy domains=employee_records

Task 2

Administrator LARRY currently has operator, analyst, and restricted policy privilege. Revoke all administrative privileges for administrator LARRY. To revoke all administrative privileges for an administrator, identify the administrator, but do not specify CLASSES, DOMAINS, or STGPOOLS. LARRY remains an administrator but he can only use those commands that can be issued by any administrator.

Command:: revoke authority larry

Task 3

Revoke system privilege for administrator TOM. TOM remains an administrator but he can only use those commands that can be issued by any administrator. (You can, if needed, use the GRANT AUTHORITY command to give privileges to TOM.)

Command:: revoke authority tom classes=system

Task 4

Administrator JANET currently has operator, analyst, and unrestricted storage privilege. Revoke her operator and analyst privileges. After the command is issued, the administrator JANET continues to have unrestricted storage privilege.

Command:: revoke authority janet classes=operator,analyst

Related Commands

Table 183. Commands Related to REVOKE AUTHORITY

Command Description
GRANT AUTHORITY Assigns one or more privilege classes to an administrator.
QUERY ADMIN Displays information about one or more ADSM administrators.

Command	Description
GRANT AUTHORITY	Assigns one or more privilege classes to an administrator.
QUERY ADMIN	Displays information about one or more ADSM administrators.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]