action create

Creates and adds an action (permission) to an action group.

Requires authentication (administrator ID and password) to use.

action create action_name action_label action_type [action_group_name]

Action codes (permissions) consist of one alphabetic character (a-z or A-Z) and are case-sensitive. Each action code can be used only once within an action group. Ensure that we do not attempt to redefine the default action codes when we add custom codes to the primary group.

Options

action_group_name

Name of the action group to which the action code is to be added. If no action group is specified, the action is added to the primary action group. Supports a maximum of 32 action groups. Examples of action group names are primary and test-group. (Optional)

action_label

Label or description for the action. Each default permission is displayed with a label describing the operation that it governs. In addition, the ACLs are grouped in one of the following ways, according to their use:

• In a particular part of the objectspace, such as, WebSEAL.
• Across the entire objectspace, such as, Base, Generic.

For example, time is the action label in the following example:

k time Ext-Authzn

A valid action label is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.

Examples of action labels: time, Generic, Base, and WebSEAL

action_name

New single-character permission being created, which can be specified using any case.

ISAM uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z). For example, k is the action name in the following example:

k time Ext-Authzn

action_type

Specifies the organizational category for this action within a specified action group. The action type can be a description of the action, such as what application the action is specific to. The action type is application-specific and typically refers to:

• The application that defined the action, such as, WebSEAL.
• The function that uses the action, such as, Ext-Authzn, for extended authorization checks.

A valid action type is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed. For example, Ext-Authzn is the action type in the following example:

k time Ext-Authzn

Return codes

0

The command completed successfully.

1

The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.

Examples

• Create an action code named k with an action label of time and an action type of Ext-Authzn within the primary action group:

  pdadmin sec_master> action create k time Ext-Authzn

Create a customized action named P and an action label of Test-Action with an action type of Special within the test-group action group:

pdadmin sec_master> action create P Test-Action Special test-group

See also

action delete

Parent topic: pdadmin commands