bkr policy-revoke: Revoke permissions in an access policy¶
Synopsis¶
Description¶
Modifies the access policy to revoke permissions for the given users or groups.
Options¶
- --system <fqdn>¶
Modify the custom access policy for <fqdn>. This option is mutuallly exclusive with --pool.
- --pool <name>¶
Modify the access policy for the named system pool. This option is mutually exclusive with --system.
- --permission <permission>¶
Revoke <permission>. This option must be specified at least once. For a description of the available permissions, see Access policies.
- --user <username>¶
Revoke permissions for <username>. This option may be specified multiple times, and may be used in combination with --group.
- --group <groupname>¶
Revoke permissions for <groupname>. This option may be specified multiple times, and may be used in combination with --user.
- --everybody¶
Revoke permissions which were granted to all Beaker users. This option is mutually exclusive with --user and --group.
Note that this option only revokes an access policy rule which applies to all Beaker users (for example, created using bkr policy-grant --everybody). It does not revoke permissions which have been granted to a specific user or group.
Common bkr options are described in the Options section of bkr(1).
Exit status¶
Non-zero on error, otherwise zero.
Examples¶
Revoke Beaker developers’ permission to reserve a system:
bkr policy-revoke --system=test1.example.com \
--permission=reserve --group=beakerdevs
See also¶
bkr(1), bkr-policy-grant(1)