ROLES attribute

Returns a comma-separated list of domain roles for the user identity associated with the client-principal object. This list cannot contain embedded spaces. If not specified, the AVM returns a zero-length character string.

Data type:

CHARACTER

Access:

Readable/Writeable

Applies to:

Client-principal object handle

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

Note:

You can use this attribute with the CAN-DO function, for example, to identify application functions accessible to a user both according to their user ID and according to their role.

See also:

CAN-DO function