list_role_rights command to return a list of all UNIX commands and PAM application rights set within the currently selected role. If executed in a script, this command outputs its list to
stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script.
list_role_rights command does not query Active Directory for the role. If you change commands or PAM applications using ADEdit without saving the role to Active Directory, commands and PAM applications you retrieve using
list_role_rights won’t match those stored in Active Directory.
You can only use
list_role_rights to return role rights for classic4 and hierarchical zones.
Classic and hierarchical
This command takes no options.
This command takes no arguments.
This command returns a list to
stdout of the PAM application and UNIX command rights that are defined for the currently selected role.
Each entry lists the name of the application or command right, the attributes of the application or command, and any descriptive text.
This example returns the list of PAM application and UNIX command rights:
dzssh-all/northamerica : dzssh-exec : Command execution login-all/seattle : * : Predefined global PAM permission. Do not delete. cron-exec/seattle : cron form(0) dzdo_runas(admin) flags(16) ;
Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select a role:
- get_roles returns a Tcl list of roles in the current zone.
- list_roles returns a list of all roles in the currently selected zone.
- new_role creates a new role and stores it in memory.
- select_role retrieves a role from Active Directory and stores it in memory.
After you have a role stored in memory, you can use the following commands to work with that role:
- add_command_to_role adds a UNIX command right to the current role.
- add_pamapp_to_role adds a PAM application right to the current role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM application rights associated with the current role.
- get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
- get_role_field reads a field value from the current role.
- remove_command_from_role removes a UNIX command from the current role.
- remove_pamapp_from_role removes a PAM application from the current role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the current role.