revokeaccesssys command

Description

The revokeaccesssys command revokes access to an unlocked system. The credentials for the endpoints are changed to indicate a locked state.

You can run this command on multiple systems at one time. Access to all the valid specified systems is revoked.

Operands

This command uses a system list as an operand. The list can optionally be preceded by the -n | --names option.

Options

-a | --all

Targets all systems.

-f | --file {file_name | -}

Retrieves data either from the input file file_name or from input piped from another command.

To retrieve input piped from another command, specify a hyphen (-) instead of a file name (for example, smcli cmd1 | smcli cmd2 -f -). To retrieve input from a file, specify the full path. If the path contains spaces, enclose it in quotation marks.

The input data is the list of system names and IDs, separated by commas or line breaks.

-h | -?

Displays the syntax and a brief description of the command.

Tip: If you specify additional options other than -h | -? | --help, the options are ignored.

--help

Displays detailed information about the command, including the syntax, a description of the command, a description of the options and operands, error codes, and examples.

Tips:

• If you specify additional options other than -h | -? | --help, the options are ignored.
• You can also display detailed help in the form of man pages using the man command_name command.

-i | --ipaddress {ip_address | host_name}[,{ip_address | host_name}...]

Targets one or more systems, specified by IP address or host name.

The list can be a mixture of IP addresses and host names, separated by a comma.

ip_address

The IP address of the system.

Tips:

• You can enter lssys -A IP_address to list the IP address of each discovered system.
• You can use either the IPv4 or IPv6 format to specify the IP address.

host_name

Either the host name or the host name and Domain Name System (DNS) suffix of the system. If the host name contains spaces, enclose it in quotation marks. If it contains a comma, prefix the comma with a backslash (\).

Tips:

• You can enter lssys -A HostName to list the host name of each discovered system.
• The host names are not locale specific.
• A given IP address or host name might resolve multiple systems. For example, both the OperatingSystem and Server instance of a particular system will have the same host name. Use system Object ID (option -n) to target a system uniquely.

-n | --names {system_oid | system_name}[,{system_oid | system_name}...]

Targets one or more systems specified by name or ID.

The list can be a mixture of system names and IDs, separated by a comma and containing no blank spaces.

If the -n option is not specified, then a customized event action that starts a noninteractive task on the system on which the event occurred is created. If the -n option is specified, then a customized event action that starts a noninteractive task on a specified system is created.

system_oid

The unique ID of the system, specified as a hexadecimal value prefixed with 0x (for example, 0x37) or a decimal value (for example, 123).

Tip: Use the lssys -o command to list all system IDs.

system_name

The name of the system. If the system name contains a comma, prefix the comma with a backslash (\).

Tips:

• The system names might not be unique. This command acts on all systems with the specified name. Use the -v | --verbose option to generate a message when this command targets multiple systems with the same name. To target a particular system that has a name that is not unique, identify the system by specifying its unique, hexadecimal ID, or use additional target options to refine the selection.
• Use the lssys command without any options to list all system names.
• The system names are not locale specific.

-N | --groups {group_oid | group_name}[,{group_oid | group_name}...]

Targets all systems in one or more specified groups that are identified by name or ID.

The list can be a mixture of group names and IDs, separated by a comma.

Tips:

• If the same systems are members of more than one group, they are targeted only once.

• To target all systems, specify the "All Systems" group.

group_oid

The unique ID of the group, specified as a hexadecimal value prefixed with 0x (for example, 0x3e7).

Tip: Use the lsgp -o command to list all group IDs.

group_name

The name of the group. If the group name contains spaces, enclose it in quotation marks. If it contains a comma, prefix the comma with a backslash (\) and enclose the name in quotation marks.

Tips:

• Group names are unique.
• Use the lsgp command without any options to list all group names.
• The group names are not locale specific.

-t | --type system_type

Narrows the specified targeted systems to all systems of the specified type.

The system types are organized in a hierarchy in which child subtypes extend parent types. When you specify a parent type (for example, Platforms), its children (in this case, PhysicalPlatforms) are also targeted.

Tips:

• This options is not a targeting option by itself. It must be used with another targeting option, such as -n | --names or -i | --ipaddress.
• You can use this option in conjunction with other targeting options; however, this targeting option acts before all other targeting options.
• Use the lssys -T command to obtain a list of valid system types.
• The system types are not locale specific.

-v | --verbose

Writes verbose messages to standard output.

If this option is not specified, this command suppresses noncritical messages.

-w | --where "query"

Targets one or more systems based on system attributes specified by query.

The query operand is a string, enclosed in quotation marks, that defines a simple SELECT query using the following format:

"attribute_key=value [{AND | OR} attribute_key=value...]"

where attribute_key can be any valid attribute, and value is the value of the attribute. The value must match the expected type for the associated attribute. For example, if the attribute is of type integer, an integer must be specified.

Tips:

• Use logical operators AND or OR to combine attributes.
• Use parentheses to create nested logical constructs.
• The query operand must be enclosed in quotation marks. Do not use double quotation marks in the query.
• If the value contains spaces, enclose it in single quotation marks.
• Only system attributes can be specified. Use the lssys -l command to list the available system attributes.

Exit status

• 0: The operation completed.
• 1: A usage error occurred.
• 2: The command or bundle was not found.
• 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
• 10: The file was not found.
• 20: A specified system is not valid.
• 21: A specified system group is not valid.
• 25: A number-formatting error occurred.
• 26: A specified system type is not valid.
• 27: A specified attribute is not valid.
• 29: The specified locale is not valid or not supported.
• 51: A system is already locked.
• 52: Revoking access is not supported.
• 53: Revoking access is not authorized.
• 54: The revoke-access operation failed.
• 55: The revoke-access operation succeeded with error.
• 56: The revoke-access operation is not yet finished.
• 57: The system is not available.
• 58: The system is not accessible.

Examples

1. Revoke access to a system

   Both of these examples illustrate how to revoke access to a system named websvr.

   smcli revokeaccesssys websvr

   smcli revokeaccesssys -n websvr

2. Revoke access to all systems of a specific type

   This example illustrates how to revoke access to all systems of type Server.

   smcli revokeaccesssys -a -t Server

3. Revoke access to all systems in a specific group

   This example illustrates how to revoke access to all systems that belong to the group websvrgrp.

   smcli revokeaccesssys -N websvrgrp