action create
Creates and adds an action (permission) to an action group.
Requires authentication (administrator ID and password) to use this command.
Syntax
action create action_name action_label action_type [action_group_name]
Description
Action codes (permissions) consist of one alphabetic character (a-z or A-Z) and are case-sensitive. Each action code can be used only once within an action group. Ensure that you do not attempt to redefine the default action codes when you add custom codes to the primary group.
Options
action_group_name- Specifies the name of the action group to which the action code
is to be added. If no action group is specified, the action is added
to the
primaryaction group. Supports a maximum of 32 action groups. Examples of action group names areprimaryandtest-group. (Optional) action_label- Specifies the label or description for the action. Each default
permission is displayed with a label that describes the operation
that it governs. In addition, the ACLs are grouped in one of the following
ways, according to their use:
- In a particular part of the
objectspace, such as,WebSEAL. - Across the entire
objectspace, such as,Base,Generic.
For example,timeis the action label in the following example:k time Ext-AuthznA valid action label is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.
Examples of action labels:
time,Generic,Base, andWebSEAL - In a particular part of the
action_name- Specifies the new single-character permission that is being created,
which can be specified by using any case.
Security Access Manager uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z).
For example,kis the action name in the following example:k time Ext-Authzn action_type- Specifies the organizational category for this action within a
specified action group. The action type can be a description of the
action, such as what application the action is specific to. The action
type is application-specific and typically refers to:
- The application that defined the action, such as,
WebSEAL. - The function that uses the action, such as,
Ext-Authzn, for extended authorization checks.
A valid action type is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.
For example,Ext-Authznis the action type in the following example:k time Ext-Authzn - The application that defined the action, such as,
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command
provides a description of the error and an error status code in hexadecimal
format (for example,
0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.
Examples
- The following example creates an action code named
kwith an action label oftimeand an action type ofExt-Authznwithin theprimaryaction group:pdadmin sec_master> action create k time Ext-Authzn - The following example creates a customized action named
Pand an action label ofTest-Actionwith an action type ofSpecialwithin thetest-groupaction group:pdadmin sec_master> action create P Test-Action Special test-group