get_role_assignments
Use the get_role_assignments
command to check Active Directory and return a Tcl list of role assignments defined within the currently selected zone. If executed in a script, this command does not output its list to stdout
, and no output appears in the shell where the script is executed. Use list_role_assignments
to output the list to stdout
.
If you do not specify an option, the command returns the current users and groups in the zone with a role assignment.
You can only use the get_role_assignments
command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Zone type
Classic and hierarchical
Syntax
get_role_assignments [-upn] [-user] [-group] [-invalid]
Abbreviation
gra
Options
This command takes any one of the following options:
Option | Description |
-upn |
Returns user names in user principal name (UPN) format, not the default |
-user |
Returns a Tcl list of the current users in the zone with a role assignment. |
-group |
Returns a Tcl list of the current groups in the zone with a role assignment. |
-invalid |
Returns a Tcl list of any invalid role assignments in the zone. For example, this option would return role assignment for a group or user that no longer exists. |
Arguments
This command takes no arguments.
Return value
This command returns a Tcl list of role assignments defined in the currently selected zone. Each role assignment includes the sAMAccount@domain
name or the user principal name of the user or group to whom the role is assigned, the name of the role assigned, and the zone in which the role is defined. These three pieces of data are separated from each other by a slash (/).
Examples
get_role_assignments
This example returns the list of role assignments:
poweradmins@acme.com/root/global proj_admins@acme.com/login/global
Related commands
Before you use this command, you must have a currently selected zone stored in memory. After you have a zone stored in memory, you can use the following commands to view and select the role assignment to work with:
- list_role_assignments lists to
stdout
the role assignments in the current zone. - new_role_assignment creates a new role assignment and stores it in memory.
- select_role_assignment retrieves a role assignment from Active Directory and stores it in memory.
After you have a role assignment stored in memory, you can use the following commands to work with that role assignment’s attributes, delete the role assignment, or save information for the role assignment:
- delete_role_assignment deletes the selected role assignment from Active Directory and from memory.
- get_role_assignment_field reads a field value from the currently selected role assignment.
- save_role_assignment saves the selected role assignment with its current settings to Active Directory.
- set_role_assignment_field sets a field value in the currently selected role assignment.