remove_pamapp_from_role

Use the remove_pamapp_from_role command to remove a PAM application access right from the currently selected role stored in memory.

The remove_pamapp_from_role command does not change the role as it is stored Active Directory. To remove the PAM application right from the role stored in Active Directory, you must save your changes using the save_role command. If you select another role or quit ADEdit before saving the role, any PAM applications you’ve removed since the last save won’t take effect.

You can only use the remove_pamapp_from_role command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone Type

Classic and hierarchical

Syntax

remove_pamapp_from_role app[/zonename]

Abbreviation

rpamfr

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument	Type	Description
app[/zonename]	string	Required. Specifies the name of a PAM application right to remove from the currently selected role. If the PAM application right that you want to remove is defined in the current zone, the zonename argument is optional. If the PAM application right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific PAM application right to remove.

Return Value

This command returns nothing if it runs successfully.

Examples

remove_pamapp_from_role ftp-all

This example removes the PAM application right named ftp-all defined in the currently selected zone from the currently selected role.

To remove the PAM application right when it is defined in the seattle zone, you would include the zone name:

remove_pamapp_from_role ftp-all/seattle

Related Commands

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select the role to work with:

• get_roles returns a Tcl list of roles in the current zone.
• list_roles lists to stdout the roles in the current zone.
• new_role creates a new role and stores it in memory.
• select_role retrieves a role from Active Directory and stores it in memory.

After you have a role stored in memory, you can use the following commands to work with that role:

*add_command_to_roleadds a UNIX command to the current role.

• add_pamapp_to_role adds a PAM application to the current role. 'delete_role" deletes the selected role from Active Directory and from memory. *get_role_apps returns a Tcl list of the PAM applications associated with the current role.
• get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
• list_role_rights returns a list of all UNIX commands and PAM applications associated with the current role. *remove_command_from_roleremoves a UNIX command from the current role.
• save_role saves the selected role with its current settings to Active Directory.
• set_role_field sets a field value in the current role.