Revoke authority to an instance

You can use the rvkwasaut script in Qshell to revoke authority to objects and directories in an instance.

Authority

To run this script, your user profile must have *ALLOBJ authority.

Usage

To run the script, follow these steps:

1. On the CL command line, run the STRQSH (Start Qshell) command.

2. Run the cd command to change to the directory that contains the script:

   cd /QIBM/ProdData/WebASE/ASE5/bin

3. Run the rvkwasaut script:

   rvkwasaut -instance instance -user usrprf | -authlist none

   where instance is the instance to which you want are revoking authority, usrprf is the user profile from which you are revoking authority, and authlist is the authorization list from which you are revoking authority. You do not need to specify both the -user and -authlist parameters, but you must specify at least one of them.

Syntax

The syntax of the script is:

rvkwasaut -instance instance  -user usrprf | -authlist none
 [ -object path ] [ -recursive ] [ -verbose ] [ -help ]

Parameters

The parameters of the script are:

• -instance
  This is a required parameter. The value instance specifies the name of the instance to which you are revoking authority.

• -user
  The value usrprf specifies the i5/OS user profile from which you are revoking authority. To revoke authority from multiple user profiles, specify all of the user profiles with a single -user parameter. Enclose the list of profiles in double quotation marks ("). For example, to revoke authority from usrprf1 and usrprf2, specify -user "usrprf1 usrprf2". You must specify -user, -authlist, or both.

• -authlist
  The value none specifies that the current authorization list associated with the object should be removed. If you use the -authlist parameter, you must specify the value none. You must specify either -user, -authlist, or both.

• -object
  This is an optional parameter. The value path specifies the subdirectory or partially qualified object name to which you are revoking authority. The instance root is prepended to the value to get the fully-qualified path. If you do not specify this parameter, the default value is the instance root. To revoke authority to multiple objects, you must run the script for each object.

• -recursive
  This optional parameter specifies whether to revoke authority to all subdirectories. If you do not specify this parameter, authority is revoked only to the object specified with the -object parameter, or the instance root directory if the -object parameter is not specified. This parameter applies to all objects specified with -object parameters.

• -verbose
  This optional parameter turns on verbose messages, which can be helpful if you need to debug the script.

• -help
  This optional parameter displays the help message. If you specify this parameter, the script ignores all other parameters.

Examples

In this example, the user profile jsmith no longer has authority to the instance devinst.

rvkwasaut -instance devinst -user jsmith -recursive

In this example, the user profile jsmith no longer has authority to the installedApps subdirectory and all nested objects in the installedApps subdirectory.

rvkwasaut -instance devinst -object installedApps -user jsmith -recursive