Creating MER Facility administrator roles
To create specific MER Facility administrator roles, a
user with DniUA authorization in SYSOU can combine one ore more of
the following attributes of the CO ALL of type DnqEROURights into
a new role:
- COPY
- Allows a user to copy messages (but not templates or new drafts) between queues of the OU.
- DELETE
- Allows a user to delete messages and drafts (but not templates) of the OU.
- MOVE
- Allows a user to move messages (but not templates or new drafts) from any redirect queue to a different main queue of the OU.
- RETRYROUTING
- Allows a user to retry routing operations for the messages of the OU.
- UNLOCK
- Allows a user to unlock the messages of the OU, regardless of who locked a message.
- VIEW
- Allows a user to view the contents (but not the history) of messages and drafts (but not templates) of the OU.
- VIEWHISTORY
- Allows a user to view the history of messages and drafts for the OU.
For example, to create an administrator role
that allows for unlocking messages that other users did lock and moving
messages to other queues you use the following CLI commands:
cre -ro MyMsgAdminUnlockMove -desc 'unlock and move messages'
add -ro MyMsgAdminUnlockMove -ct DnqEROURights -co ALL -attr UNLOCK
add -ro MyMsgAdminUnlockMove -ct DnqEROURights -co ALL -attr MOVEAdministrator operations do not apply to specific queues, messages types, or local addresses, but are effective for all messages associated with the OU for which the permission is granted. For example, if a user is assigned a role that contains the DELETE access right, that user is able to delete any message in the OU.
For roles
to administer templates, add the attribute TEMPLATEADMIN of the COs
of all queues to which the role is to apply. Use an asterisk (*) as
a wildcard to represent any number of trailing characters. For example,
to give users to whom the role MyFinTemplAdmin was assigned access
to all queues with CO names that begin with FINCreate (for example,
FINCreate01, FINCreate02, FINCreate03, and so on), add the following
attribute to the role:
add -ro MyFinTemplAdmin -ct DnqERQueue -co FINCreate* -attr TEMPLATEADMINTo create an administrator
role that allows for changing the local address of messages on Edit
queues, add the attribute CHANGELOCALADDR of the COs of all Edit queues
to which the role is to apply. Use an asterisk (*) as a wildcard to
represent any number of trailing characters. For example, to give
users to whom the role MyFinAddrAdmin was assigned access to all queues
with CO names that begin with FINEdit (for example, FINEdit01, FINEdit02,
FINEdit03, and so on), add the following attribute to the role:
add -ro MyFinAddrAdmin -ct DnqERQueue -co FINEdit* -attr CHANGELOCALADDR