ROLES attribute

Returns a comma-separated list of domain roles for the user identity associated with the client-principal object. This list cannot contain embedded spaces. If not specified, the AVM returns a zero-length character string.

Data type: CHARACTER
Access: Readable/Writeable
Applies to: Client-principal object handle

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

Note: You can use this attribute with the CAN-DO function, for example, to identify application functions accessible to a user both according to their user ID and according to their role.

See also: CAN-DO function
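The following ABL sketch is an added example, not part of the original reference entry. It sets ROLES before sealing, checks each role against a per-function list with CAN-DO, and shows the write being rejected after SEAL( ). The user ID, domain name, role names, access code and the cAllowed list are constructed placeholders. Each role is passed as the second CAN-DO argument because entries in the first argument are treated as patterns (`*` wildcards, `!` exclusions).

```abl
/* Added example: all names and values below are constructed placeholders. */
DEFINE VARIABLE hCP      AS HANDLE    NO-UNDO.
DEFINE VARIABLE cAllowed AS CHARACTER NO-UNDO
    INITIAL "manager,auditor".        /* hypothetical role list for one function */
DEFINE VARIABLE lGranted AS LOGICAL   NO-UNDO.
DEFINE VARIABLE i        AS INTEGER   NO-UNDO.

CREATE CLIENT-PRINCIPAL hCP.
ASSIGN
    hCP:USER-ID     = "jsmith"
    hCP:DOMAIN-NAME = "example"
    hCP:SESSION-ID  = GUID(GENERATE-UUID)
    hCP:ROLES       = "clerk,auditor". /* comma-separated, no embedded spaces */

/* Sealing makes ROLES read-only from this point on. */
hCP:SEAL("placeholder-access-code").

/* Grant access if any one of the user's roles appears in the function's list.
   The role is the string being tested; cAllowed is the list it is matched against. */
DO i = 1 TO NUM-ENTRIES(hCP:ROLES):
    IF CAN-DO(cAllowed, ENTRY(i, hCP:ROLES)) THEN DO:
        lGranted = TRUE.
        LEAVE.
    END.
END.
MESSAGE "Access granted:" lGranted.

/* Attempting to change ROLES on the sealed object fails at run time.
   NO-ERROR suppresses the message so the failure can be inspected. */
hCP:ROLES = "manager" NO-ERROR.
IF ERROR-STATUS:ERROR OR ERROR-STATUS:NUM-MESSAGES > 0 THEN
    MESSAGE "Write to ROLES rejected:" ERROR-STATUS:GET-MESSAGE(1).

DELETE OBJECT hCP.
```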