Returns a comma-separated list of domain roles for the user identity associated with the client-principal object. This list cannot contain embedded spaces. If not specified, the AVM returns a zero-length character string.

Data type: CHARACTER

Access: Readable/Writeable

Applies to: Client-principal object handle

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

Note: You can use this attribute with the CAN-DO function, for example, to identify application functions accessible to a user both according to their user ID and according to their role.

See also

CAN-DO function