Use the new_role_assignment command to create a new role assignment for the current zone and set the new role assignment as the currently selected role assignment in memory. The new role assignment has no field values set.
The new_role_assignment command does not save the new role assignment to Active Directory. To save the role assignment, you must first set at least the “role” field using set_role_assignment_field, then use save_role_assignment. If you don’t save a new role assignment, it will disappear when you select another role assignment or when the ADEdit session ends.
You can only use the new_role_assignment command to create a role assignment if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Classic and hierarchical
new_role_assignment user|All AD users|All Unix users
This command takes no options.
This command takes the following argument:
user | All AD users | All Unix users
Required. Specifies the user or group to assign the role to.
This argument can be a user principal name (UPN) or a sAMAccountName if you are assigning a role to an Active Directory user or group, a UNIX user name or UID if you are assigning the role to a local UNIX user, or the UNIX group name if you are assigning the role to a local UNIX group.
To assign a role to a local UNIX account, use the following format:
To assign the role to a domain user, use the following format:
You can also specify “All AD users” to assign a selected role to all Active Directory users or “All Unix users” to assign the selected role to all local UNIX users.
This argument is not supported if the selected zone is a classic4 zone.
This command returns nothing if it runs successfully.
This example creates a new role assignment for firstname.lastname@example.org in the current zone. You must set at least one role assignment field and an available time for the role to be effective.
The following example creates a new role assignment for the local UNIX user oracle in the current zone.
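The create, set and save sequence described above, as an added example that is not part of the original documentation. It assumes an ADEdit session that is already bound to the domain with a hierarchical zone selected; the helper name `assign_role` and the role value `dba-role/example-zone` (including its format) are hypothetical.

```tcl
# Added example, not the vendor's code.
# Assumes an ADEdit session with a hierarchical zone already selected.

# assign_role is a hypothetical helper name.
proc assign_role {principal role} {
    # Keep assignments scoped to a named principal: reject the two
    # blanket values that the command also accepts.
    set blanket {"all ad users" "all unix users"}
    if {[lsearch -exact $blanket [string tolower $principal]] >= 0} {
        error "refusing blanket assignment to \"$principal\""
    }

    # Creates the assignment in memory only; no field values are set yet.
    new_role_assignment $principal

    # The "role" field must be set before the assignment can be saved.
    set_role_assignment_field role $role

    # Write to Active Directory. Without this step the assignment is lost
    # when another role assignment is selected or the session ends.
    save_role_assignment

    # Read the role field back from the selected assignment.
    return [get_role_assignment_field role]
}

# Constructed sample values; the role name and its format are assumptions.
if {[catch {assign_role "firstname.lastname@example.org" "dba-role/example-zone"} result]} {
    puts stderr "role assignment not saved: $result"
} else {
    puts "saved role assignment with role: $result"
}
```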
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select role assignments to work with:
- get_role_assignments returns a Tcl list of role assignments in the current zone.
- list_role_assignments lists to stdout the role assignments in the current zone.
- select_role_assignment retrieves a role assignment from Active Directory and stores it in memory.
After you have a role assignment stored in memory, you can use the following commands to work with that role assignment’s attributes, delete the role assignment, or save information for the role assignment:
- delete_role_assignment deletes the selected role assignment from Active Directory and from memory.
- get_role_assignment_field reads a field value from the currently selected role assignment.
- save_role_assignment saves the selected role assignment with its current settings to Active Directory.
- set_role_assignment_field sets a field value in the currently selected role assignment.