get_role_assignment_field

Use the get_role_assignment_field command to return the value for a specified field from the currently selected role assignment stored in memory. The get_role_assignment_field command does not query Active Directory for the role assignment. If you change field values using ADEdit without saving the role assignment to Active Directory, the field value you retrieve using get_role_assignment_field won’t match the same field value for the role assignment stored in Active Directory.

You can only use the get_role_assignment_field command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

get_role_assignment_field field

Abbreviation

graf

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

field

string

Required. Specifies the case-sensitive name of the field whose value to retrieve. The possible values are:

 

 

assignee: Returns user display name in format specific to type of logged in user.

 

 

customAttr: Returns the custom text strings set for the role assignment.

 

 

customAttr: Returns the custom text strings set for the role assignment.

 

 

description: Returns the description for the role assignment.

 

 

dn: Returns the role assignment’s distinguished name.

 

 

from: Returns the starting date and time for the role assignment.

The start and end dates and times are expressed in standard UNIX time. You can use the Tcl clock command to manipulate these values. A value of 0 indicates no date or time is set for the role assignment.

 

 

modifyTime: Returns the time and date this role assignment was last modified, returned in generalized time format.

 

 

ptype: Returns a letter or symbol that indicates the account type associated with a role assignment. You can use the explain_ptype command to translate the returned value into a text string that describes the account type.

 

 

role: Returns the name of the role and the zone in which the role is defined.

 

 

to: Returns the ending date and time for the role assignment.

Return value

This command returns a field value. The data type depends on the field specified.

Examples

This example returns the role name (root) and the zone where the role is defined (global): 

get_role_assignment_field role 

root/global

This example returns the assignee display name in the appropriate format.

get_role_assignment_field assignee

  • For AD user/group:

    CN=dc1,CN=Users,DC=sayms,DC=local

  • For trusted forest AD user/group:

    CN=S-1-5-21-4259971489-770964042-439865176-1106,CN=ForeignSecurityPrincipals,DC=sayms,DC=local

  • For local uid:

    #56789@localhost

  • For local user:

    localuser1@localhost

  • For local group:

    %localgroup1@localhost

Related commands

Before you use this command, you must have a currently selected role assignment stored in memory. The following commands to view and select the role assignment to work with: