add_pamapp_to_role
Use the add_pamapp_to_role command to add a PAM application right to the currently selected role stored in memory. The PAM application right must already exist. You can create PAM application rights using new_pam_app.
The add_pamapp_to_role command does not change the role as it is stored in Active Directory. The command only changes the role stored in memory. You must save the role using save_role before the added PAM application takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any PAM application rights you’ve added since the last save won’t take effect.
You can only use the add_pamapp_to_role command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Zone type
Classic and hierarchical
Syntax
add_pamapp_to_role app[/zonename]
Abbreviation
apr
Options
This command takes no options.
Arguments
This command takes the following argument:
Argument | Type | Description |
app[/zonename] | string | Required. Specifies the name of an existing PAM application right to add to the currently selected role. If the PAM application right that you want to add is defined in the current zone, the zonename argument is optional. If the PAM application right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific PAM application right to add. |
Return value
This command returns nothing if it runs successfully.
Examples
The following example adds the PAM application login-all, which is defined in the currently selected zone, to the currently selected role:
add_pamapp_to_role login-all
The following example adds the PAM application access right oracle-admin from the emea zone to the currently selected role:
add_pamapp_to_role oracle-admin/emea
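The following script is an added example, not part of the original ADEdit documentation. It shows the full select, add, and save sequence so that the added rights actually reach Active Directory. The procedure name grant_pam_apps and the role name dba-operators are hypothetical, and the script assumes ADEdit is already bound to the domain, a classic or hierarchical zone is selected, and failed commands raise a Tcl error.

```tcl
# Added example (not from the ADEdit documentation).
# Assumptions: ADEdit is already bound to the domain, a classic or
# hierarchical zone is currently selected, and ADEdit commands report
# failure by raising a Tcl error.

# grant_pam_apps is a hypothetical helper name.
# role: name of an existing role in the current zone
# apps: list of PAM application rights, each "name" or "name/zonename"
proc grant_pam_apps {role apps} {
    # Load the role from Active Directory into memory.
    select_role $role

    set added {}
    foreach app $apps {
        if {[catch {add_pamapp_to_role $app} err]} {
            # Do not save a partially updated role. Re-selecting the role
            # retrieves it from Active Directory again, which replaces the
            # unsaved in-memory copy (assumed from the select_role description).
            catch {select_role $role}
            error "could not add '$app' to role '$role': $err (role not saved)"
        }
        lappend added $app
    }

    # The added rights take effect in Active Directory only after save_role.
    save_role
    return $added
}

# The role name is hypothetical; the rights are the ones used in the
# examples above.
grant_pam_apps dba-operators {login-all oracle-admin/emea}
```

Saving once after all rights are added keeps the change to the role all-or-nothing, which makes the resulting privilege grant easier to review and audit.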
Related commands
The following commands enable you to view and select the role you want to work with:
- new_role creates a new role and stores it in memory.
- select_role retrieves a role from Active Directory and stores it in memory.
- get_roles returns a Tcl list of roles in the current zone.
- list_roles displays a list to stdout of all roles in the currently selected zone.
After you have a role stored in memory, you can use additional commands to work with that role’s fields, commands, and applications or use the following commands to delete or save the currently selected role:
- save_role saves the selected role with its current settings to Active Directory.
- delete_role deletes the selected role from Active Directory and from memory.