get_roles

Use the get_roles command to check Active Directory and return a Tcl list of roles defined within the currently selected zone. If executed in a script, this command does not output its list to stdout, and no output appears in the shell where the script is executed. Use list_roles to output the list to stdout.

You can only use the get_roles command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

get_roles

Abbreviation

getr

Options

This command takes no options.

Arguments

This command takes no arguments.

Return value

This command returns a Tcl list of roles defined in the currently selected zone.

Examples

get_roles

This example returns the list of roles: 

{Rescue - always permit login} scp sftp listed {UNIX Login} {Windows Login} winscp

Related commands

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select the role to work with:

  • list_roles lists to stdout the roles in the currently selected zone.
  • new_role creates a new role and stores it in memory.
  • select_role retrieves a role from Active Directory and stores it in memory.

After you have a role stored in memory, you can use the following commands to work with role:

  • add_command_to_role adds a UNIX command to the currently selected role.
  • add_pamapp_to_role adds a PAM application to the currently selected role.
  • delete_role deletes the selected role from Active Directory and from memory.
  • get_role_apps returns a Tcl list of the PAM applications associated with the currently selected role.
  • get_role_commands returns a Tcl list of the UNIX commands associated with the currently selected role.
  • list_role_rights returns a list of all UNIX commands and PAM applications associated with the currently selected role.
  • remove_command_from_role removes a UNIX command from the currently selected role.
  • remove_pamapp_from_role removes a PAM application from the currently selected role.
  • save_role saves the selected role with its current settings to Active Directory.
  • set_role_field sets a field value in the currently selected role.