Manage action groups

Permissions grant access to do a specific operation on resources protected by ISAM.

ISAM provides 17 predefined permissions for immediate use. These permissions are stored in the predefined action group named primary.

Each permission is associated with an action bit. These predefined permissions are described in Default permissions in the primary action group.

Security Verify Access can create resource manager-specific permissions. For example, we can define the Enqueue permission to grant access to put messages in a message queue.

ISAM supports a total of 32 action groups, including the primary action group. When we define an action group, the following guidelines and limitations apply:

• Each action group can hold up to 32 action bits (including the action bits for the 17 predefined permissions).
• An action bit is made up of a letter: a-z, A-Z.
• Each action bit character can be used only one time in an action group.

• We can reuse the same action bit in other action groups.

• Create action groups
  We can create an action group with the Web Portal Manager or pdadmin utility.
• List action groups
  We can list all action groups with the Web Portal Manager or pdadmin utility.
• Delete an action group
  We can delete an action group with the Web Portal Manager or pdadmin utility.

Parent topic: Manage access control