list_role_rights
Use the list_role_rights
command to return a list of all UNIX commands and PAM application rights set within the currently selected role. If executed in a script, this command outputs its list to stdout
so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script.
The list_role_rights
command does not query Active Directory for the role. If you change commands or PAM applications using ADEdit without saving the role to Active Directory, commands and PAM applications you retrieve using list_role_rights
won’t match those stored in Active Directory.
You can only use list_role_rights
to return role rights for classic4 and hierarchical zones.
Zone type
Classic and hierarchical
Syntax
list_role_rights
Abbreviation
lsrr
Options
This command takes no options.
Arguments
This command takes no arguments.
Return value
This command returns a list to stdout
of the PAM application and UNIX command rights that are defined for the currently selected role.
Each entry lists the name of the application or command right, the attributes of the application or command, and any descriptive text.
Examples
list_role_rights
This example returns the list of PAM application and UNIX command rights:
dzssh-all/northamerica : dzssh-exec : Command execution login-all/seattle : * : Predefined global PAM permission. Do not delete. cron-exec/seattle : cron form(0) dzdo_runas(admin) flags(16) ;
Related commands
Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select a role:
- get_roles returns a Tcl list of roles in the current zone.
- list_roles returns a list of all roles in the currently selected zone.
- new_role creates a new role and stores it in memory.
- select_role retrieves a role from Active Directory and stores it in memory.
After you have a role stored in memory, you can use the following commands to work with that role:
- add_command_to_role adds a UNIX command right to the current role.
- add_pamapp_to_role adds a PAM application right to the current role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM application rights associated with the current role.
- get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
- get_role_field reads a field value from the current role.
- remove_command_from_role removes a UNIX command from the current role.
- remove_pamapp_from_role removes a PAM application from the current role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the current role.