NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Removing a Permission Set

A permission set can only be removed if and only if

  1. the permission set is not one of the standard immutable out-of-box permission sets
  2. the permission set is not currently used at any code group in the policy level from which it is to be deleted

If neither of the above conditions obtain then a permission set can be removed from a policy. In order to remove a permission set from the default policy level just type:

Caspol –rempset PsetName

As can be seen, permission sets are always referred to by their name. Using the –machine and –user options it is possible to explicitly state from which policy level a given permission set is to be deleted. For instance, the command below deletes the MyFilePset from the machine policy:

Caspol –machine –rempset MyFilePset

The xml file from which the permission set may have been imported will not be deleted. All that –rempset does is to exclude a certain permission set from a policy.