Action groups and actions
A domain administrator defines the actions that requesters can perform on objects in the protected object spaces. An action is a permission in an action group that is defined in the action group by an action bit.
A domain administrator modifies the ACL entries in an ACL policy before or after the ACL policy is attached to an object. The actions that can be defined in an ACL entry must be previously defined in an action group.
When Verify Identity Access is
installed, the primary action group is created. The primary action
group is an action group that is created during the installation of
an application or resource manage. As additional applications and
resource managers are installed, additional action groups might be
created.
Independent of whether additional action groups are created during subsequent installations, a domain administrator can create additional action groups. A domain administrator can create custom permissions in a primary action group or a custom action group by defining new action bits.