Role object management commands

You can use the following role object commands to create, select, save, and delete role objects and manage role properties in the currently selected zone.

Command Description

add_command_to_role

Adds a privileged command to the currently selected role.

add_pamapp_to_role

Adds a PAM application right to the currently selected role.

delete_role

Deletes the selected role from Active Directory and from memory.

get_role_apps

Returns a Tcl list of the PAM applications associated with the currently selected role.

get_role_commands

Returns a Tcl list of the privileged commands associated with the currently selected role.

get_role_field

Returns the value for a specified field from the currently selected role.

get_roles

Returns a Tcl list of roles in the current zone.

list_role_rights

List all privileged commands and PAM applications associated with the currently selected role in stdout.

list_roles

Lists all roles in the currently selected zone along with object data for each role in stdout.

new_role

Creates a new role and stores it in memory as the currently selected role.

remove_command_from_role

Removes a privileged command from the currently selected role.

remove_pamapp_from_role

Removes a PAM application from the currently selected role.

save_role

Saves the selected role with its current settings to Active Directory.

select_role

Retrieves a role from Active Directory and stores it in memory as the selected role.

set_role_field

Sets the value for a specified field in the currently selected role.