new_role command to create a new role for the current zone and set the new role as the currently selected role in memory. The new role has no field values set. The
new_role command does not save the new role to Active Directory. To save the new role, you must use
save_role. If you don’t save a new role, it will disappear when you select another role or when the ADEdit session ends.
You can only use the
new_role to create a role if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Classic and hierarchical
This command takes no options.
This command takes the following argument:
Required. Specifies the name to assign to the new role.
This command returns nothing if it runs successfully.
This example creates a new role named
customerservice in the current zone.
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select roles:
- get_roles returns a Tcl list of roles in the current zone.
- list_roles lists to
stdoutthe roles in the current zone.
- select_role retrieves a role from Active Directory and stores it in memory.
After you have a role stored in memory, you can use the following commands to work with that role:
- add_command_to_role adds a UNIX command to the current role.
- add_pamapp_to_role adds a PAM application to the current role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM applications associated with the currently selected role.
- get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
- get_role_field reads a field value from the currently selected role.
- list_role_rights returns a list of all UNIX commands and PAM application rights associated with the current role.
- remove_command_from_role removes a UNIX command from the current role.
- remove_pamapp_from_role removes a PAM application from the current role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the currently selected role.