Action groups and actions
A domain administrator defines the actions that requesters can perform on objects in the protected object spaces. An action is a permission in an action group that is defined in the action group by an action bit.
A domain administrator modifies the ACL entries in an ACL policy before or after the ACL policy is attached to an object. The actions that can be defined in an ACL entry must be previously defined in an action group.
When ISAM is installed, the primary action group is created. The primary action group is an action group that is created during the installation of an application or resource manage. As additional applications and resource managers are installed, additional action groups might be created.
Independent of Whether additional action groups are created during subsequent installations, a domain administrator can create additional action groups. A domain administrator can create custom permissions in a primary action group or a custom action group by defining new action bits.
- Default permissions in the primary action group
Security Verify Access defines permissions with action bits. When we install Security Verify Access, the default primary action group is created. This action group contains 17 permissions.- Custom permissions in custom action groups
The default permissions in the primary action group are available to all applications. If a custom action group uses these default permissions, the associated actions must closely match that of the actual operation that is done by an action in the primary action group.
Parent topic: Manage access control