create_assignment

Use the create_assignment command to create a new role assignment for a user or group and save it to Active Directory.

Syntax

create_assignment upn role[/zonename] [from] [to] [description]

Options

This command takes no options.

Arguments

This command takes the following arguments:

Argument Type Description

upn

string

Required. Specifies the user principal name of the Active Directory user or group to whom to assign the role.

role/[zonename]

string

Required. Specifies the name of the role to assign and (optional) the name of the zone in which the role is assigned.

If the zone name is present, a slash(/) separates the role name and the zone name. If the zone name isn’t present, the role assignment occurs in the currently selected zone.

from

string

Optional. Specifies the start date and time for the role assignment.

The start date and time can be expressed using the format:

yr-mon-day hour:min

to

string

Optional. Specifies the expiration date and time for the role is assignment. The expiration date and time can be expressed using the format:

yr-mon-day hour:min

description

string

Optional. Specifies a description of the role assignment.

Return value

This command returns nothing if it runs successfully.

Examples

create_assignment ulysses.urkham@acme.com admin/support 0 0 “Test assignment”

This example creates a role assignment for the rights defined in the role “admin” from the “support” zone to the user Ulysses Urkham. The role assignment is set to start immediately (0) and never expire (0) and has an optional description.

create_assignment amy@example.demo mgr {2016-03-31 10:51} {2016-03-31 12:51}

This example creates a role assignment for the rights defined in the role “mgr” from the current zone to the user amy@example.com. This role assignment is set to start at a specific time and expire two hours later and has no description.

Related Tcl library commands

None.