Use the new_role_assignment command to create a new role assignment for the current zone and set the new role assignment as the currently selected role assignment in memory. The new role assignment has no field values set.

The new_role_assignment command does not save the new role assignment to Active Directory. To save the role assignment, you must first set at least the “role” field using set_role_assignment_field, then use save_role_assignment. If you don’t save a new role assignment, it will disappear when you select another role assignment or when the ADEdit session ends.

You can only use the new_role_assignment command to create a role assignment if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical


new_role_assignment user|All AD users|All Unix users




This command takes no options.


This command takes the following argument:

Argument Type Description

user | All AD users | All Unix users


Required. Specifies the user or group to assign the role to.

This argument can be a user principal name (UPN) or a sAMAccountName if you are assigning a role to an Active Directory user or group, a UNIX user name or UID if you are assigning the role to a local UNIX user, or the UNIX group name if you are assigning the role to a local UNIX group.

To assign a role to a local UNIX account, use the following format:


To assign the role to a domain user, use the following format:

You can also specify “All AD users” to assign a selected role to all Active Directory users or “All Unix users” to assign the selected role to all local UNIX users.

This argument is not supported if the selected zone is a classic4 zone.

Return value

This command returns nothing if it runs successfully.



This example creates a new role assignment for in the current zone. You must set at least one role assignment field and an available time for the role to be effective.

The following example creates a new role assignment for the local UNIX user oracle in the current zone.

new_role_assignment oracle@localhost
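The full create, set, and save sequence described above, as an added example that is not part of the original documentation. The domain, administrator account, zone distinguished name, and role name are placeholders, and the `role/zone` form of the role value is an assumption; `bind`, `select_zone`, and `list_role_assignments` are ADEdit commands not otherwise shown on this page.

```tcl
#!/bin/env adedit
# Added example: domain, zone DN, and role name below are placeholders.
package require ade_lib

# Bind to the domain (prompts for the password) and select the zone
# that will hold the role assignment.
bind example.com administrator
select_zone "CN=engineering,CN=Zones,CN=Centrify,DC=example,DC=com"

# Create the assignment for one named local UNIX account. At this point
# it exists only in memory and has no field values set.
new_role_assignment oracle@localhost

# The "role" field must be set before the assignment can be saved.
# Assumed value format: <role name>/<zone where the role is defined>.
# catch stops the script if either step fails, so an unsaved in-memory
# assignment is never mistaken for one stored in Active Directory.
if {[catch {
    set_role_assignment_field role "dba-role/engineering"
    save_role_assignment
} err]} {
    puts stderr "Role assignment was not saved: $err"
    exit 1
}

# List the zone's role assignments to confirm the new entry was written.
list_role_assignments
```

Assigning the role to a single named account, as here, keeps its scope narrower than the “All AD users” or “All Unix users” arguments.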

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a role assignment to work with:

After you have a role assignment stored in memory, you can use the following commands to work with that role assignment’s attributes, delete the role assignment, or save information for the role assignment: