Beaker

bkr policy-revoke: Revoke permissions in an access policy

Synopsis

bkr policy-revoke [options]
[--system <fqdn> | --pool <name>]
--permission <permission> [--permission <permission> ...]
[--user <username> | --group <groupname> | --everybody]

Description

Modifies the access policy to revoke permissions for the given users or groups.

Options

--system <fqdn>

Modify the custom access policy for <fqdn>. This option is mutuallly exclusive with --pool.

--pool <name>

Modify the access policy for the named system pool. This option is mutually exclusive with --system.

--permission <permission>

Revoke <permission>. This option must be specified at least once. For a description of the available permissions, see Access policies.

--user <username>

Revoke permissions for <username>. This option may be specified multiple times, and may be used in combination with --group.

--group <groupname>

Revoke permissions for <groupname>. This option may be specified multiple times, and may be used in combination with --user.

--everybody

Revoke permissions which were granted to all Beaker users. This option is mutually exclusive with --user and --group.

Note that this option only revokes an access policy rule which applies to all Beaker users (for example, created using bkr policy-grant --everybody). It does not revoke permissions which have been granted to a specific user or group.

Common bkr options are described in the Options section of bkr(1).

Exit status

Non-zero on error, otherwise zero.

Examples

Revoke Beaker developers’ permission to reserve a system:

bkr policy-revoke --system=test1.example.com \
    --permission=reserve --group=beakerdevs

See also

bkr(1), bkr-policy-grant(1)