action create

Creates and adds an action (permission) to an action group.

Requires authentication (administrator ID and password) to use this command.

Syntax

action create action_name action_label action_type [action_group_name]

Description

Action codes (permissions) consist of one alphabetic character (a-z or A-Z) and are case-sensitive. Each action code can be used only once within an action group. Ensure that you do not attempt to redefine the default action codes when you add custom codes to the primary group.

Options

action_group_name
Specifies the name of the action group to which the action code is to be added. If no action group is specified, the action is added to the primary action group. Supports a maximum of 32 action groups. Examples of action group names are primary and test-group. (Optional)
action_label
Specifies the label or description for the action. Each default permission is displayed with a label that describes the operation that it governs. In addition, the ACLs are grouped in one of the following ways, according to their use:
  • In a particular part of the objectspace, such as, WebSEAL.
  • Across the entire objectspace, such as, Base, Generic.
For example, time is the action label in the following example: 
k time Ext-Authzn

A valid action label is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.

Examples of action labels: time, Generic, Base, and WebSEAL

action_name
Specifies the new single-character permission that is being created, which can be specified by using any case.

Security Access Manager uses a set of default actions that cover a wide range of operations. Valid actions, or permissions, are represented by single alphabetic ASCII characters (a-z, A-Z).

For example, k is the action name in the following example: 
k time Ext-Authzn
action_type
Specifies the organizational category for this action within a specified action group. The action type can be a description of the action, such as what application the action is specific to. The action type is application-specific and typically refers to:
  • The application that defined the action, such as, WebSEAL.
  • The function that uses the action, such as, Ext-Authzn, for extended authorization checks.

A valid action type is an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. Spaces are not allowed.

For example, Ext-Authzn is the action type in the following example: 
k time Ext-Authzn

Return codes

0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

  • The following example creates an action code named k with an action label of time and an action type of Ext-Authzn within the primary action group: 
    pdadmin sec_master> action create k time Ext-Authzn
  • The following example creates a customized action named P and an action label of Test-Action with an action type of Special within the test-group action group: 
    pdadmin sec_master> action create P Test-Action Special test-group

See also

action delete

Parent topic: pdadmin commands