list_role_rights

Use the list_role_rights command to return a list of all UNIX commands and PAM application rights set within the currently selected role. If executed in a script, this command outputs its list to stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script.

The list_role_rights command does not query Active Directory for the role. If you change commands or PAM applications using ADEdit without saving the role to Active Directory, commands and PAM applications you retrieve using list_role_rights won’t match those stored in Active Directory.

You can only use list_role_rights to return role rights for classic4 and hierarchical zones.

Zone Type

Classic and hierarchical

Syntax

list_role_rights

Abbreviation

lsrr

Options

This command takes no options.

Arguments

This command takes no arguments.

Return Value

This command returns a list to stdout of the PAM application and UNIX command rights that are defined for the currently selected role.

Each entry lists the name of the application or command right, the attributes of the application or command, and any descriptive text.

Examples

list_role_rights

This example returns the list of PAM application and UNIX command rights:

dzssh-all/northamerica : dzssh-exec : Command execution

login-all/seattle : * : Predefined global PAM permission. Do not delete.

cron-exec/seattle : cron form(0) dzdo_runas(admin) flags(16) ;

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select a role:

  • get_roles returns a Tcl list of roles in the current zone.
  • list_roles returns a list of all roles in the currently selected zone.
  • new_role creates a new role and stores it in memory.
  • select_role retrieves a role from Active Directory and stores it in memory.

After you have a role stored in memory, you can use the following commands to work with that role:

  • add_command_to_role adds a UNIX command right to the current role.
  • add_pamapp_to_role adds a PAM application right to the current role.
  • delete_role deletes the selected role from Active Directory and from memory.
  • get_role_apps returns a Tcl list of the PAM application rights associated with the current role.
  • get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
  • get_role_field reads a field value from the current role.
  • remove_command_from_role removes a UNIX command from the current role.
  • remove_pamapp_from_role removes a PAM application from the current role.
  • save_role saves the selected role with its current settings to Active Directory.
  • set_role_field sets a field value in the current role.

list_roles

Use the list_roles command to check Active Directory and return a list of roles defined in the currently selected zone. If executed in a script, this command outputs its list to stdout so that the output appears in the shell where the script is executed. The command does not return a Tcl list back to the executing script. Use get_roles to return a Tcl list.

You can only use list_roles to return role information for classic4 and hierarchical zones.

Zone Type

Classic and hierarchical

Syntax

list_roles

Abbreviation

lsr

Options

This command takes no options.

Arguments

This command takes no arguments.

Return Value

This command returns a list to stdout of roles defined in the currently selected zone.

Examples

list_roles

This example returns the list of roles for the zone:

Rescue - always permit login

listed

scp

sftp

UNIX Login

Windows Login

winscp

Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a role:

  • get_roles returns a Tcl list of roles in the current zone.
  • new_role creates a new role and stores it in memory as the currently selected role.
  • select_role retrieves a role from Active Directory and stores it in memory as the selected role.

After you have a role stored in memory, you can use the following commands to work with that role:

  • add_command_to_role adds a UNIX command right to the current role.
  • add_pamapp_to_role adds a PAM application right to the current role.
  • delete_role deletes the selected role from Active Directory and from memory.
  • get_role_apps returns a Tcl list of the PAM application rights associated with the current role.
  • get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
  • get_role_field reads a field value from the current role.
  • list_role_rights returns a list of all UNIX command and PAM application rights associated with the current role.
  • remove_command_from_role removes a UNIX command from the current role.
  • remove_pamapp_from_role removes a PAM application from the current role.
  • save_role saves the selected role with its current settings to Active Directory.
  • set_role_field sets a field value in the current role.
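
Because list_roles and list_role_rights only print to stdout, a script that needs to act on the results has to use get_roles, get_role_commands, and get_role_apps instead. The following ADEdit script is an added example, not part of the original documentation: it walks every role in a zone and flags roles that hold the predefined login-all PAM right shown in the sample output above. The domain name and zone distinguished name are placeholders, the bind call assumes existing Kerberos credentials, and the name/zone form of each PAM right is assumed from that sample output.

```tcl
# Added example (not vendor code). Run with adedit.
# Placeholders: the domain "example.com" and the zone DN below.
# Assumption: valid Kerberos credentials, so bind needs no user or password.

bind example.com
select_zone "CN=seattle,CN=Zones,OU=Centrify,DC=example,DC=com"

# get_roles hands back a Tcl list; list_roles would only print to stdout.
foreach role [get_roles] {
    # select_role retrieves the role from Active Directory, so the rights
    # read below reflect what is stored, not unsaved in-memory edits.
    select_role $role

    set cmds [get_role_commands]
    set apps [get_role_apps]
    puts "== $role: [llength $cmds] command right(s), [llength $apps] PAM right(s)"

    # Flag the broad PAM right from the sample output (login-all, attribute "*").
    # Assumption: entries use the name/zone form seen in that output.
    foreach app $apps {
        if {[string match "login-all/*" $app]} {
            puts "   review: $role grants $app (predefined global PAM permission)"
        }
    }

    # Human-readable detail for the report; this prints directly to stdout
    # and its result is not captured in a variable.
    list_role_rights
}
```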