set_role_assignment_field

Use the set_role_assignment_field command to sets the value for a specified field in the currently selected role assignment stored in memory. The set_role_assignment_field command does not set a field value stored in Active Directory for this role assignment.

If you change any fields, you must save the role assignment using the save_role_assignment command for your changes to take effect in Active Directory. If you select another role assignment or end the ADEdit session before saving the currently selected role assignment, your changes will be lost.

You can only use the set_role_assignment_field command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

set_role_assignment_field field value

Abbreviation

sraf

Options

This command takes no options.

Arguments

This command takes the following arguments:

Argument Type Description

Argument	Type	Description
field	string	Required. Specifies the name of the field that you want to set. The possible values are: customAttr: Sets custom text strings for the role assignment. This field is only applicable for hierarchical zones. description: Sets the description for the role assignment. from: Sets the starting date and time for the role assignment. The date and time is expressed in standard UNIX time. The Tcl `clock` command manipulates these time values. A value of 0 means no starting date and time for the role assignment. role: Sets the name of the role to assign and the zone in which the role was defined. The zone value is optional if the role is defined in the currently selected zone. The zone is required if the role is defined in another zone. to: Sets the ending date and time for the role assignment. The start and end dates and times are expressed in standard UNIX time. You can use the Tcl `clock` command to manipulate these values. A value of 0 indicates no date or time is set for the role assignment.
value	depends on field	Required. Specifies the value to assign to the specified field. In some cases, you can assign a dash (-) or an empty string to unset a field value. However, this is not supported for all fields or all zone types.

field

string

Required. Specifies the name of the field that you want to set. The possible values are:

customAttr: Sets custom text strings for the role assignment. This field is only applicable for hierarchical zones.
description: Sets the description for the role assignment.
from: Sets the starting date and time for the role assignment. The date and time is expressed in standard UNIX time. The Tcl clock command manipulates these time values. A value of 0 means no starting date and time for the role assignment.
role: Sets the name of the role to assign and the zone in which the role was defined.
The zone value is optional if the role is defined in the currently selected zone. The zone is required if the role is defined in another zone.
to: Sets the ending date and time for the role assignment.
The start and end dates and times are expressed in standard UNIX time. You can use the Tcl clock command to manipulate these values. A value of 0 indicates no date or time is set for the role assignment.

value

depends on field

Required. Specifies the value to assign to the specified field.

In some cases, you can assign a dash (-) or an empty string to unset a field value. However, this is not supported for all fields or all zone types.

Return value

This command returns nothing if it runs successfully.

Examples

set_role_assignment_field role su-root/global

This example assigns the role named su-root that is defined in the global zone.

Related commands

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a role assignment:

get_role_assignments returns a Tcl list of role assignments in the current zone.
list_role_assignments lists to stdout the role assignments in the current zone.
new_role_assignment creates a new role assignment and stores it in memory.
select_role_assignment retrieves a role assignment from Active Directory and stores it in memory.

After you have a role assignment stored in memory, you can use the following commands to work with that role assignment:

delete_role_assignment deletes the selected role assignment from Active Directory and from memory.
get_role_assignment_field reads a field value from the currently selected role assignment.
save_role_assignment saves the selected role assignment with its current settings to Active Directory.