list_roles command to check Active Directory and return a list of roles defined in the currently selected zone. If executed in a script, this command outputs its list to
stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use
get_roles to return a Tcl list.
You can only use
list_roles to return role information for classic4 and hierarchical zones.
Classic and hierarchical
This command takes no options.
This command takes no arguments.
This command returns a list to
stdout of roles defined in the currently selected zone.
This example returns the list of roles for the zone:
Rescue - always permit login listed scp sftp UNIX Login Windows Login winscp
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a role:
- get_roles returns a Tcl list of roles in the current zone.
- new_role creates a new role and stores it in memory as the currently selected role.
- select_role retrieves a role from Active Directory and stores it in memory as the selected role.
After you have a role stored in memory, you can use the following commands to work with that role:
- add_command_to_role adds a UNIX command right to the current role.
- add_pamapp_to_role adds a PAM application right to the current role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM application rights associated with the current role.
- get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
- get_role_field reads a field value from the current role.
- list_role_rights returns a list of all UNIX command and PAM application rights associated with the current role.
- remove_command_from_role removes a UNIX command from the current role.
- remove_pamapp_from_role removes a PAM application from the current role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the current role.