select_role_assignment

Use the select_role_assignment command to retrieve a role assignment in the currently selected zone from Active Directory. This command stores the role assignment in memory, and makes it the currently selected role assignment for subsequent ADEdit commands. The role assignment remains selected until you select another role assignment or zone, delete the role assignment, or end the ADEdit session.

If you use ADEdit commands such as set_role_assignment_field to change settings for the selected role assignment, you must save the selected role assignment using the save_role_assignment command for your changes to take effect in Active Directory. If you select another role assignment or end the ADEdit session before saving the currently selected role assignment, your changes will be lost.

You can only use the select_role_assignment command to select role assignments if the currently selected zone is a classic4 or hierarchical zone. The command does not work for other types of zones.

Zone type

Classic and hierarchical

Syntax

select_role_assignment principal/role[/zone]

Abbreviation

slra

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

Argument	Type	Description
principal/role[/zone]	string	Required. Specifies the user principal name (UPN) of the user or group to whom the role is assigned, followed by a slash (/) and the name of the role to assign to the principal. The `zone` argument is optional if the role is defined in the currently selected zone. If the role is defined in a zone other than the currently selected zone, the `/zone` argument is required.

principal/role[/zone]

string

Required. Specifies the user principal name (UPN) of the user or group to whom the role is assigned, followed by a slash (/) and the name of the role to assign to the principal.

The zone argument is optional if the role is defined in the currently selected zone. If the role is defined in a zone other than the currently selected zone, the /zone argument is required.

Return value

This command returns nothing if it runs successfully.

Examples

select_role_assignment poweradmins@acme.com/root/global

This example retrieves the role assignment that assigns the role named root, as defined in the global zone, to the principal named poweradmins@acme.com. The principal is a group.

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a role assignment:

get_role_assignments returns a Tcl list of role assignments in the current zone.
list_role_assignments lists to stdout the role assignments in the current zone.
new_role_assignment creates a new role assignment and stores it in memory.
select_role_assignment retrieves a role assignment from Active Directory and stores it in memory.

After you have a role assignment stored in memory, you can use the following commands to work with that role assignment:

delete_role_assignment deletes the selected role assignment from Active Directory and from memory.
get_role_assignment_field reads a field value from the currently selected role assignment.
save_role_assignment saves the selected role assignment with its current settings to Active Directory.
set_role_assignment_field sets a field value in the currently selected role assignment.
write_role_assignment saves the selected role assignment to a file.