add_pamapp_to_role command to add a PAM application right to the currently selected role stored in memory. The PAM application right must already exist. You can create PAM application rights using new_pam_app.
add_pamapp_to_role command does not change the role as it is stored Active Directory. The command only changes the role stored in memory. You must save the role using save_role before the added PAM application takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any PAM application rights you’ve added since the last save won’t take effect.
You can only use the
add_pamapp_to_role if the currently selected zone is a classic4 or hierarchical zones. The command does not work in other types of zones.
Classic and hierarchical
This command takes no options.
This command takes the following argument:
Required. Specifies the name of an existing PAM application right to add to the currently selected role.
If the PAM application right that you want to add is defined in the current zone, the zonename argument is optional. If the PAM application right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific PAM application right to add.
This command returns nothing if it runs successfully.
The following example adds the PAM application
login-all, which is defined in the currently selected zone, to the currently selected role:
The following example adds the PAM application access right
oracle-admin from the
emea zone to the currently selected role:
The following commands enable you to view and select the role you want to work with:
- new_role creates a new role and stores it in memory.
- select_role retrieves a role from Active Directory and stores it in memory.
- get_roles returns a Tcl list of roles in the current zone.
- list_roles displays a list to
stdoutof all roles in the currently selected zone.
After you have a role stored in memory, you can use additional commands to work with that role’s fields, commands, and applications or use the following commands to delete or save the currently selected role: