Service: zimbraAdmin
Namespace: "urn:zimbraAdmin"
RevokeRight SOAP Command

Revoke a right from a target that was previously granted to an individual or group grantee.

Authorization token required true
Admin Authorization token required true

RevokeRightRequest

    <RevokeRightRequest> ## RevokeRightRequest
        <target
                   type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
                   [by="{target-selector-by} (id|name)"]>{value}</target> ## EffectiveRightsTargetSelector
        <grantee [type="{grantee-type} (usr|grp|egp|all|dom|edom|gst|key|pub|email)"]
                    [by="{grantee-selector-by} (id|name)"] [secret="{secret}"] [all="{all-flag} (0|1)"]>{key}</grantee> ## GranteeSelector
        <right [deny="{deny-flag} (0|1)"] [canDelegate="{can-delegate-flag} (0|1)"]
                  [disinheritSubGroups="{disinheritSubGroups-flag} (0|1)"] [subDomain="{subdomain-flag} (0|1)"]>{value}</right> ## RightModifierInfo
    </RevokeRightRequest>

The following table describes elements and attributes you can define within a <RevokeRightRequest> element:

XPath Required / Optional Description
/target Required (only 1) Type:{value}
Target selector
Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by}
/target@type Required (only 1) Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global
Target type
/target@by Optional (0 or 1) Type:id|name
Select the meaning of {target-selector-key}
/grantee Required (only 1) Type:{key}
Grantee selector
Description for element text content:The key used to identify the grantee. Meaning determined by {grantee-selector-by}
/grantee@type Optional (0 or 1) Type:usr|grp|egp|all|dom|edom|gst|key|pub|email
Grantee type
usr Zimbra User
grp Zimbra Group (distribution list)
egp an external AD group
dom Zimbra domain
edom non-Zimbra domain (used with sendToDistList right)
all all authenticated users
gst non-Zimbra email address and password
key external user with accesskey
pub public authenticated and unauthenticated access
email Pseudo grantee type. Granting code will map to usr/grp/egp or gst
/grantee@by Optional (0 or 1) Type:id|name
Select the meaning of {grantee-selector-key}
/grantee@secret Optional (0 or 1) Type:String
Password for guest grantee or the access key for key grantee For user right only
/grantee@all Optional (0 or 1) Type:0|1
For GetGrantsRequest, selects whether to include grants granted to groups the specified grantee belongs to. Default is 1 (true)
/right Required (only 1) Type:{value}
Right
Description for element text content:Value is of the form : {right-name} | {inline-right} where
{right-name} = a system defined right name
{inline-right} = {op}.{target-type}.{attr-name}
{op} = set | get
{attr-name} = a valid attribute name on the specified target type
/right@deny Optional (0 or 1) Type:0|1
Deny flag - default is 0 (false)
/right@canDelegate Optional (0 or 1) Type:0|1
Flag whether can delegate - default is 0 (false)
/right@disinheritSubGroups Optional (0 or 1) Type:0|1
disinheritSubGroups flag - default is 0 (false)
/right@subDomain Optional (0 or 1) Type:0|1
subDomain flag - default is 0 (false)

RevokeRightResponse

    <RevokeRightResponse /> ## RevokeRightResponse