action create
Creates and adds an action (permission) to an action group.
Requires authentication (administrator ID and password) to use this command.
Syntax
action create action_name action_label action_type [action_group_name]
Description
Action codes (permissions) consist of one alphabetic character (a-z or A-Z) and are case-sensitive. Each action code can be used only once within an action group. Ensure that you do not attempt to redefine the default action codes when you add custom codes to the primary group.
Options
- action_group_name
- Specifies the name of the action group to which the action code is to be added. If no action group is specified, the action is added to the primary action group. Supports a maximum of 32 action groups. Examples of action group names are primary and test-group. (Optional)
- action_label
- Specifies the label or description for the action. Each default
permission is displayed with a label that describes the operation
that it governs. In addition, the ACLs are grouped in one of the following
ways, according to their use:
- In a particular part of the objectspace, such as, WebSEAL.
- Across the entire objectspace, such as, Base, Generic.
For example, time is the action label in the following example:k time Ext-Authzn
A valid action label is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.
Examples of action labels: time, Generic, Base, and WebSEAL
- action_name
- Specifies the new single-character permission that is being created,
which can be specified by using any case.
Security Access Manager uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z).
For example, k is the action name in the following example:k time Ext-Authzn
- action_type
- Specifies the organizational category for this action within a
specified action group. The action type can be a description of the
action, such as what application the action is specific to. The action
type is application-specific and typically refers to:
- The application that defined the action, such as, WebSEAL.
- The function that uses the action, such as, Ext-Authzn, for extended authorization checks.
A valid action type is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.
For example, Ext-Authzn is the action type in the following example:k time Ext-Authzn
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.
Examples
- The following example creates an action code named k with
an action label of time and an action type of Ext-Authzn within
the primary action group:
pdadmin sec_master> action create k time Ext-Authzn
- The following example creates a customized action named P and
an action label of Test-Action with an action type
of Special within the test-group action
group:
pdadmin sec_master> action create P Test-Action Special test-group