add_pamapp_to_role

Use the add_pamapp_to_role command to add a PAM application right to the currently selected role stored in memory. The PAM application right must already exist. You can create PAM application rights using new_pam_app.

The add_pamapp_to_role command does not change the role as it is stored in Active Directory. The command only changes the role stored in memory. You must save the role using save_role before the added PAM application takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any PAM application rights you’ve added since the last save won’t take effect.

You can only use the add_pamapp_to_role command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

add_pamapp_to_role app[/zonename]

Abbreviation

apr

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument: app[/zonename]

Type: string

Description: Required. Specifies the name of an existing PAM application right to add to the currently selected role.

If the PAM application right that you want to add is defined in the current zone, the zonename argument is optional. If the PAM application right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific PAM application right to add.

Return value

This command returns nothing if it runs successfully.

Examples

The following example adds the PAM application login-all, which is defined in the currently selected zone, to the currently selected role:

add_pamapp_to_role login-all

The following example adds the PAM application access right oracle-admin from the emea zone to the currently selected role:

add_pamapp_to_role oracle-admin/emea
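The following script is an added example, not part of the original command reference. It adds several PAM application rights to a role and calls save_role only if every add succeeded, so a partial set of rights is never written to Active Directory. The domain, zone DN, role name, and the grant_pam_rights procedure are placeholders, and the script assumes that add_pamapp_to_role raises a Tcl error when the named right cannot be added.

```tcl
# Added example: run inside ADEdit. Not from the product documentation.
# Placeholder values (assumptions): domain, zone DN, role name, rights list.
set domain  "example.com"
set zone_dn "CN=emea-web,CN=Zones,CN=Centrify,DC=example,DC=com"
set role    "dba-operators"
set rights  {login-all oracle-admin/emea}

# Hypothetical helper: add every right to the in-memory role, then save.
# If any add fails, nothing is saved to Active Directory.
proc grant_pam_rights {role rights} {
    # Load the role from Active Directory into memory.
    select_role $role
    foreach right $rights {
        # Assumption: a failed add raises a Tcl error that catch can trap.
        if {[catch {add_pamapp_to_role $right} err]} {
            # Re-select the role to reload it from Active Directory,
            # which discards the unsaved in-memory additions.
            select_role $role
            return -code error "add failed for $right, nothing saved: $err"
        }
    }
    # Only now do the added rights take effect in Active Directory.
    save_role
}

bind $domain
select_zone $zone_dn
grant_pam_rights $role $rights
puts "saved $role with rights: $rights"
```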

Related commands

The following commands enable you to view and select the role you want to work with:

  • new_role creates a new role and stores it in memory.
  • select_role retrieves a role from Active Directory and stores it in memory.
  • get_roles returns a Tcl list of roles in the current zone.
  • list_roles displays a list to stdout of all roles in the currently selected zone.

After you have a role stored in memory, you can use additional commands to work with that role’s fields, commands, and applications or use the following commands to delete or save the currently selected role:

  • save_role saves the selected role with its current settings to Active Directory.
  • delete_role deletes the selected role from Active Directory and from memory.