get_user_role_assignments

Use the get_user_role_assignments command to retrieve all of the role assignments in the current zone for a specified user. This command returns all of the role assignments from the groups to which the user belongs and the role assignments assigned directly to the user account.

The command checks Active Directory for the user you specify, identifies the groups that the user is a member of, then returns all the role assignments for the list of groups the user is a member and that have been specifically assigned to the user account, including any user role assignments made in computer roles for the currently selected zone.

Syntax

get_user_role_assignments [-visible] [-hostname hostname] user_DN

Abbreviation

None.

Options

This command takes the following option:

Option	Description
-visible	Specifies that you want to return only visible role assignments in the zone. Use this option to return role assignments for the roles that are identified as visible. This option is only applicable in hierarchical zones.
-hostname	Specifies the computer name to search for role assignments to the user in computer roles. If you set this option, the command checks for computer role assignments in the currently selected zone.

Arguments

This command takes the following argument:

Argument	Type	Description
user_DN	string	Required. Specifies the user whose role assignments you want to return. You can use this argument to specify the distinguished name (DN) for a user or a group.

Return value

This command returns a list of all role assignments for the specified Active Directory user in the currently selected zone.

Note that the command does not return role assignments for all zones where the user might be assigned a role.

Examples

select_zone “cn=northamerica,cn=zones,ou=acme,dc=pistolas,dc=org”

get_user_role_assignments “cn=amy.adams,cn=users,dc=pistolas,dc=org”

This example returns a list of groups:

{amy.adams@pistolas.org/UNIX Login/northamerica} {adm‑sf@pistolas.org/Root/sanfrancisco} {apps@pistolas.org/demos/seattle}

Related Tcl library commands

The following commands perform actions related to this command:

• get_all_zone_users returns a Tcl list of zone users for the specified zone and all of its parent zones.
• get_effective_groups returns a list of the groups to which the user belongs.