Undefined actions are only of value for users in the administrative hierarchy. Assuming that users have the appropriate user privileges to perform a given action, actions that an object’s security explicitly denies or allows are enforced. If an action is undefined for a user, and that user is in the administrative hierarchy for the object, the user is allowed or denied the ability to perform that action based on their individual user privileges. All general users that are not in the administrative hierarchy for the object are denied the ability to perform that action.

In summary, Metrics Management checks action requests in the following order: