Action groups and actions

A domain administrator defines the actions that requesters can perform on objects in the protected object spaces. An action is a permission in an action group that is defined in the action group by an action bit.

A domain administrator modifies the ACL entries in an ACL policy before or after the ACL policy is attached to an object. The actions that can be defined in an ACL entry must be previously defined in an action group.

When ISAM is installed, the primary action group is created. The primary action group is an action group that is created during the installation of an application or resource manage. As additional applications and resource managers are installed, additional action groups might be created.

Independent of Whether additional action groups are created during subsequent installations, a domain administrator can create additional action groups. A domain administrator can create custom permissions in a primary action group or a custom action group by defining new action bits.

Parent topic: Manage access control