registerSwiftNetUser
Purpose
Use this command to:
- Create a SWIFTNet user and register the user in the central SWIFT directory
- Create a distinguished name (DN) for the user
The authoriser
DN you specify for this command must have one of the following SWIFT
roles:
- Delegator
- Issue the command without a four-eyes token. The command is processed.
- Delegator4eyes
- Issue the command without a four-eyes token. The command returns a four-eyes token. Another user with a similar role must then reissue this command with that four-eyes token.
Note: This command can take a few minutes to process.
To ensure that you receive the result, use the .set command
to set the timeout interval to a higher value. For example, to set
the timeout interval to 300 seconds (=300 000 milliseconds),
enter:
INST1.DNFSYSOU.DNFSAGCFG>.set -to 300000Format
Parameters
- -sag sag
- Name of the SAG.
- -ou ou
- Name of the business OU defined for FTM SWIFT. FTM SWIFT checks if the user who invokes the command is authorized to use the distinguished names (DN) specified in this command, for example, if the FTM SWIFT user is authorized to act on behalf of the specified DNs. The -ou parameter is only used by FTM SWIFT for access checking and is not attached to the command sent to SWIFTNet. The user must have the role DnfDNSec (see Configuring DNs and access to them).
- -user user
- User name. For the DN cn=john-smith,o=xxxxdeff,o=swift, the user name is john-smith. FTM SWIFT uses equivalent DNs, which are described in SWIFTNet Naming and Addressing Guide.
- -parent parent
- Distinguished name of the node in which the user is created. For the DN cn=john-smith,o=xxxxdeff,o=swift, the parent is o=xxxxdeff,o=swift.
- -type
- Type of node or user. Possible values:
- OrganizationUnit
- Organizational unit (OU).
- CommonName
- Real name of the user.
- NumberedCommonName
- User name with a number suffix when more than one SAG is used in the active-active mode.
- -authDn authoriserDN
- Distinguished name (DN) of the authoriser of this command. FTM SWIFT attaches the DN to the command and sends it to the SIPN. The SIPN checks if the DN is authorized to invoke this command. The specified DN must be certified and have the necessary roles assigned. You can use the DN of your local SWIFT security officer (see Configuring DNs and access to them).
- -reqDn requestorDN
- Distinguished name (DN) of the requestor of this command. FTM SWIFT attaches the DN to the command to specify the sender of the command and sends it to the SIPN. You can use the DN of your local SWIFT security officer. See Configuring DNs and access to them.
- -signDn signerDN
- Distinguished name (DN) of the signer of this command. FTM SWIFT attaches the DN to the command and sends it to the SIPN. The SIPN uses this DN for auditing purposes. The specified DN must be certified. You can use the DN of your local SWIFT security officer (see Configuring DNs and access to them).
Examples
The following command, entered
on a single line, registers the new SWIFTNet user john-smith. The
user node is created directly under the org node of the SWIFT directory
that is denoted by the parent parameter.
INST1.DNFSYSOU.DNFSAGCFG>rgsnu -sag SAG1
-ou BANKA
-user john-smith
-parent o=xxxxdeff,o=swift
-type CommonName
-authDn cn=ia-authoriser,o=xxxxdeff,o=swift
-reqDn cn=ia-requestor,o=xxxxdeff,o=swift
-signDn cn=ia-signer,o=xxxxdeff,o=swiftTo
create a node that specifies a department of your organization, specify
the value OrganizationUnit for the -type parameter.
INST1.DNFSYSOU.DNFSAGCFG>rgsnu -sag SAG1
-ou BANKA
-user john-smith
-parent o=xxxxdeff,o=swift
-type OrganizationUnit
-authDn cn=ia-authoriser,o=xxxxdeff,o=swift
-reqDn cn=ia-requestor,o=xxxxdeff,o=swift
-signDn cn=ia-signer,o=xxxxdeff,o=swift