get_role_assignment_field
Use the get_role_assignment_field
command to return the value for a specified field from the currently selected role assignment stored in memory. The get_role_assignment_field
command does not query Active Directory for the role assignment. If you change field values using ADEdit without saving the role assignment to Active Directory, the field value you retrieve using get_role_assignment_field
won’t match the same field value for the role assignment stored in Active Directory.
You can only use the get_role_assignment_field
command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Zone type
Classic and hierarchical
Syntax
get_role_assignment_field field
Abbreviation
graf
Options
This command takes no options.
Arguments
This command takes the following argument:
Argument | Type | Description |
field |
string |
Required. Specifies the case-sensitive name of the field whose value to retrieve. The possible values are: |
|
|
assignee: Returns user display name in format specific to type of logged in user. |
|
|
customAttr: Returns the custom text strings set for the role assignment. |
|
|
customAttr: Returns the custom text strings set for the role assignment. |
|
|
description: Returns the description for the role assignment. |
|
|
dn: Returns the role assignment’s distinguished name. |
|
|
from: Returns the starting date and time for the role assignment. The start and end dates and times are expressed in standard UNIX time. You can use the Tcl clock command to manipulate these values. A value of 0 indicates no date or time is set for the role assignment. |
|
|
modifyTime: Returns the time and date this role assignment was last modified, returned in generalized time format. |
|
|
ptype: Returns a letter or symbol that indicates the account type associated with a role assignment. You can use the explain_ptype command to translate the returned value into a text string that describes the account type. |
|
|
role: Returns the name of the role and the zone in which the role is defined. |
|
|
to: Returns the ending date and time for the role assignment. |
Return value
This command returns a field value. The data type depends on the field specified.
Examples
This example returns the role name (root
) and the zone where the role is defined (global
):
get_role_assignment_field role
root/global
This example returns the assignee display name in the appropriate format.
get_role_assignment_field assignee
-
For AD user/group:
CN=dc1,CN=Users,DC=sayms,DC=local
-
For trusted forest AD user/group:
CN=S-1-5-21-4259971489-770964042-439865176-1106,CN=ForeignSecurityPrincipals,DC=sayms,DC=local
-
For local uid:
#56789@localhost
-
For local user:
localuser1@localhost
-
For local group:
%localgroup1@localhost
Related commands
Before you use this command, you must have a currently selected role assignment stored in memory. The following commands to view and select the role assignment to work with: