Revoke-SPObjectSecurity

Removes a security principal from a SPObjectSecurity object.

Syntax

Revoke-SPObjectSecurity
      [-Identity] <SPObjectSecurity>
      [-Principal] <SPClaim>
      [[-Rights] <String[]>]
      [-AssignmentCollection <SPAssignmentCollection>]
      [<CommonParameters>]
Revoke-SPObjectSecurity
      [-Identity] <SPObjectSecurity>
      [-All]
      [-AssignmentCollection <SPAssignmentCollection>]
      [<CommonParameters>]

Description

This cmdlet contains more than one parameter set. You may only use parameters from one parameter set and you may not combine parameters from different parameter sets. For more information about how to use parameter sets, see Cmdlet parameter sets.

The Revoke-SPObjectSecurity cmdlet to remove a security principal, such as a user, from a SPObjectSecurity object. An SPObjectSecurity object is a common object that is used to represent the security access control list (ACL) of SharePoint administrative objects, in particular service applications.

For permissions and the most current information about Windows PowerShell for SharePoint Products, see the online documentation at https://go.microsoft.com/fwlink/p/?LinkId=251831 (https://go.microsoft.com/fwlink/p/?LinkId=251831).

Examples

------------------EXAMPLE------------------

$security = Get-SPServiceApplicationSecurity $serviceApp -Admin
Revoke-SPObjectSecurity $security "domain\user"
Set-SPServiceApplicationSecurity $serviceApp -Admin $security

This example retrieves the SPObjectSecurity object corresponding to the administrator ACL on a service application and removes a user from that ACL. The removed an administrator for the service application $serviceApp.

Parameters

-All

Specifies that all security principals are removed from the specified SPObjectSecurity object.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:SharePoint Server 2013, SharePoint Server 2016

-AssignmentCollection

Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.

When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.

Type:SPAssignmentCollection
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:SharePoint Server 2013, SharePoint Server 2016

-Identity

Specifies the SPObjectSecurity object from which the security principal is removed. You can use the Get-SPServiceApplicationSecurity cmdlet to get a SPObjectSecurity object .

Type:SPObjectSecurity
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False
Applies to:SharePoint Server 2013, SharePoint Server 2016

-Principal

Specifies the principal for whom the rights are removed.

The type must a valid name a principal; for example, Full Control.

Type:SPClaim
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False
Applies to:SharePoint Server 2013, SharePoint Server 2016

-Rights

Specifies the rights of the principal to revoke.

The type must a valid array of strings that represents the rights of the principal to revoke.

Type:String[]
Position:3
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:SharePoint Server 2013, SharePoint Server 2016