new_role_assignment
Use the new_role_assignment command to create a new role assignment for the current zone and set the new role assignment as the currently selected role assignment in memory. The new role assignment has no field values set.
The new_role_assignment command does not save the new role assignment to Active Directory. To save the role assignment, you must first set at least the “role” field using set_role_assignment_field, then use save_role_assignment. If you don’t save a new role assignment, it will disappear when you select another role assignment or when the ADEdit session ends.
You can only use the new_role_assignment to create a role assignment if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Zone Type
Classic and hierarchical
Syntax
new_role_assignment user|All AD users|All Unix users
Abbreviation
newra
Options
This command takes no options.
Arguments
This command takes the following argument:
| Argument | Type | Description |
|---|---|---|
| user | All AD users | All Unix users | string | Required. Specifies the user or group to assign the role to. This argument can be a user principal name (UPN) or a sAMAccountName if you are assigning a role to an Active Directory user or group, a UNIX user name or UID if assigning the role to a local UNIX user, or the UNIX group name if you assigning the role to a local UNIX group. To assign a role to a local UNIX account, use the following format: oracle@localhost To assign the role to a domain user, use the following format: oracle@domain.name You can also specify “All AD users” to assign a selected role to all Active Directory users or “All Unix users” to assign the selected role to all local UNIX users. This argument is not supported if the selected zone is a classic4 zone. |
Return Value
This command returns nothing if it runs successfully.
Examples
new_role_assignment adam.avery@acme.com
This example creates a new role assignment for adam.avery@acme.com in the current zone. You must set at least one role assignment field and an available time for the role to be effective.
The following example creates a new role assignment for the local UNIX user oracle in the current zone.
new_role_assignment oracle@localhost
Related Commands
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select role assignment to work with:
get_role_assignmentsreturns a Tcl list of role assignments in the current zone.list_role_assignmentslists tostdoutthe role assignments in the current zone.select_role_assignmentretrieves a role assignment from Active Directory and stores it in memory.
After you have a role assignment stored in memory, you can use the following commands to work with that role assignment’s attributes, delete the role assignment, or save information for the role assignment:
delete_role_assignmentdeletes the selected role assignment from Active Directory and from memory.get_role_assignment_fieldreads a field value from the currently selected role assignment.save_role_assignmentsaves the selected role assignment with its current settings to Active Directory.set_role_assignment_fieldsets a field value in the currently selected role assignment.write_role_assignmentsaves the selected role assignment to a file.
