/Management/Action permissions
We might need to use the /Management/Action permissions to manage custom actions and action groups. Action tasks and associated permissions include:
Permission Operation d (delete) Delete an existing action or action group. m (modify) Create an action or action group.
To view an action or action group, no special permissions are required. Resource managers can call the authorization service through the authorization API. To integrate a resource manager with the authorization service:
- Define the object space for the resource manager.
- Define the action groups and actions for the resource manager.
- Apply permissions on resources and objects that need protection.
The administrator of a resource manager object space can use the pdadmin utility to define new permissions and actions. Resource managers generally define the actions and action groups that are applicable to the resources they are protecting.
The administrator must have the m and d permissions on the Management/Action object to create and delete these new permissions or actions.
Parent topic: /Management permissions