Predefined entities

The configuration entities and security entities you need to configure and administer FTM SWIFT are delivered with the product, and listed here alphabetically.

Configuration object types

Due to space restrictions in the following tables, some of the names for the CTs and their values were split onto two lines, even though each is one word.

Table 1. CT DnfAccessControlFmtf. Pseudo attributes to allow access to FMT FIN commands.
Attribute Description Possible values
FMTDISABLE Allow use of the FMT FIN disable command. (none)
FMTENABLE Allow use of the FMT FIN enable command. (none)
FMTRESET Allow use of the FMT FIN reset command. (none)
FMTSTART Allow use of the FMT FIN start command. (none)
FMTSTOP Allow use of the FMT FIN stop command. (none)
RECOVER Allow use of the FMT FIN recover command. (none)
QUERY Allow use of the FMT FIN query command. (none)
SEND Allow use of access control for sending FIN messages via FMT FIN. (none)
Table 2. CT DnfBasicProfile. Data used by the SNL to process the request or response message. A message partner owns this information.
Attribute Description Possible values
atdn Distinguished name of the authoriser. SWIFTNet user
encr Distinguished name used for encrypting requests. SWIFTNet user
mdt Timestamp used by the SAG Add-on to determine whether an object needs to be updated. This is updated by the service. Timestamp
nrep Non-repudiation.
  • TRUE
  • FALSE
owner Name of the message partner who owns the basic profile. Character string
pltp Type of payload.
  • Char
  • XML
prfn Name of the basic profile. Character string
prty SWIFTNet priority.
  • Normal
  • Urgent
rqdn Distinguished name of the requestor. SWIFTNet user
rqtp Type of request. Character string
rsdn Distinguished name of the responder. SWIFTNet user
sign Distinguished name that is used for signing requests. SWIFTNet user
svc Name of the service. Character string
Table 3. CT DnfBic8Map. Used by Relationship Management services to determine the business OU to which a destination belongs.
Attribute Description Possible values
BOU Business OU of the destination. Eight-character string
Table 4. CT DnfSVB. Can be used by service bundles to indicate in which OUs they are deployed.
Attribute Description Possible values
deployed Indicates that the service bundle is deployed in the OU. (none)
Table 5. CT DnfCfgCertlist. Represents a list of certificates. A message partner can use only those certificates that are in the list that is associated with it.
Attribute Description Possible values
cln Certificate list name.  
target (for future use) (none)
numberOfElements Number of cert attributes for which a certificate is specified. This is updated by the DNFSAGCFG service. 1 - 20
lastElement Serial number of the last cert attribute for which a certificate is specified. This is updated by the DNFSAGCFG service. 1 - 20
mdt Date and time the CO was last modified. This is updated by the DNFSAGCFG service. Timestamp
cert1
:
cert20
 Certificate contents (one certificate per cert attribute).  
Table 6. CT DnfCfgServiceList. Represents a list of SWIFT services. A message partner can use only those certificates that are in the list that is associated with it. If no list is associated with a message partner, it can use any SWIFT service.
Attribute Description Possible values
sln Service list name.  
target (for future use) (none)
numberOfElements Number of serv attributes for which a service is specified. This is updated by the DNFSAGCFG service. 1 - 10
lastElement Serial number of the last serv attribute for which a certificate is specified. This is updated by the DNFSAGCFG service. 1 - 10
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
serv1
:
serv10
 Service name (one service per serv attribute).  
Table 7. CT DnfEfaBouParameters . OU-specific parameters for the MSIF transfer service.
Attribute Description Possible values
DoCmdAudit Specifies whether audit data is to be recorded for commands.
  • Yes
  • No (default)
InErrorAction Specifies the action that DNF_O_FT takes when the transfer condition of a SendFile scenario is changed to inError.
Event
DNF_O_FT issues an event and changes the state of the scenario to inError. This is the default.
App
DNF_O_FT returns a response to the application and changes the state of the scenario to Error_Notif.
TrackProcessing Specifies the circumstances under which the MSIF transfer service (DNF_O_FT) is to issue events to document its processing.
None
DNF_O_FT does not issue events to document its processing. This is the default.
Transition
DNF_O_FT issues an event when it notes a state or condition change.
Step
DNF_O_FT issues an event when it executes a processing step for a transfer scenario or a command.
MIMode deprecated  
SagSwitchMode Specifies whether SAG switching is enabled.
Auto
SAG switching is enabled. This is the default.
Disabled
SAG switching is disabled.
SnFSessionCloseMode Specifies whether an output channel session or an SnF queue session is closed automatically after a transfer failed.
Auto
MSIF automatically closes the SnF session. This is the default.
Disabled
MSIF keeps the SnF session open.
Table 8. CT DnfEfaCmdAccessControl. Pseudo attributes to allow access to the MSIF transfer service administration and operation commands.
Attribute Description Possible values
acquire Pseudo attribute to allow use of the MSIF acquire command. (none)
cancel Pseudo attribute to allow use of the MSIF cancel command. (none)
cleanup.aux Pseudo attribute to allow use of the MSIF cleanup command to delete the entries for all auxiliary functions of a specific scenario that has the condition finished. (none)
cleanup.aux.force Pseudo attribute to allow use of the MSIF cleanup command delete the entries for all auxiliary functions of a specific scenario regardless of its current condition. (none)
cleanup.ic Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF input channels from the database, but only for input channels that are in the state Closed. (none)
cleanup.ic.force Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF input channels from the database regardless of their current state. (none)
cleanup.oc Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF output channels from the database, but only for output channels that are in the state Closed. (none)
cleanup.oc.force Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF output channels from the database regardless of their current state. (none)
cleanup.me Pseudo attribute to allow use of the MSIF cleanup command to delete the maximum number of entries for file or message scenarios from the database. (none)
cleanup.q Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF queues from the database, but only for queues that are in the state Closed. (none)
cleanup.q.force Pseudo attribute to allow use of the MSIF cleanup command to delete entries for SnF queues from the database regardless of their current state. (none)
cleanup.ref Pseudo attribute to allow use of the MSIF cleanup command to delete entries for file or message transfer scenarios from the database. (none)
cleanup.sub Pseudo attribute to allow use of the MSIF cleanup command to delete an entry for a specific subscription that has a state other than subscribed. (none)
cleanup.sub.force Pseudo attribute to allow use of the MSIF cleanup command to delete an entry for a specific subscription regardless of its current state. (none)
close.ic Pseudo attribute to allow use of the MSIF close command to close an input channel. (none)
close.oc Pseudo attribute to allow use of the MSIF close command to close an output channel. (none)
create.oc Pseudo attribute to allow use of the MSIF create command to create an output channel. (none)
create.ic Pseudo attribute to allow use of the MSIF create command to create an input channel. (none)
delete.oc Pseudo attribute to allow use of the MSIF delete command to delete an output channel. (none)
delete.ic Pseudo attribute to allow use of the MSIF delete command to delete an input channel. (none)
list Pseudo attribute to allow use of the MSIF list command. (none)
open.ic Pseudo attribute to allow use of the MSIF open command to open an input channel. (none)
open.oc Pseudo attribute to allow use of the MSIF open command to open an output channel. (none)
query.mposgrp Pseudo attribute to allow use of the MSIF query command for SAG MP option-set group. (none)
query.service Pseudo attribute to allow use of the MSIF query command for service name. (none)
query.snlid Pseudo attribute to allow use of the MSIF query command for SNL ID. (none)
recover Pseudo attribute to allow use of the MSIF recover command. (none)
release Pseudo attribute to allow use of the MSIF release command. (none)
restart Pseudo attribute to allow use of the MSIF restart command. (none)
set Pseudo attribute to allow use of the MSIF set command. (none)
start Pseudo attribute to allow use of the MSIF start command. (none)
status Pseudo attribute to allow use of the MSIF status command. (none)
stop Pseudo attribute to allow use of the MSIF stop command. (none)
subscribe Pseudo attribute to allow use of the MSIF subscribe command. (none)
Table 9. CT DnfEfaDownloadOptionSet. Options that apply to a particular MSIF file download operation.
Attribute Description Possible values
These options are described in Download options: DownloadOptions.
Table 10. CT DnfEfaDelNotifOptionSet. Options that a counterpart is to use when sending a delivery notification.
Attribute Description Possible values
These options are described in Delivery notification options: DelNotifOptions.
Table 11. CT DnfEfaFile . Controls access to files transferred using the MSIF transfer service.
Attribute Description Possible values
dir The directory in which the files to be transferred are located. This directory must begin with a top-level directory, and cannot contain wildcard characters. Character string (1...254)
read Pseudo attribute that allows files in the specified directory, or in a subdirectory of that directory, to be sent or provided for download. (none)
write Pseudo attribute that allows files in the specified directory, or in a subdirectory of that directory, to be downloaded. (none)
Table 12. CT DnfEfaFileOptionSet. Options that apply to a particular file.
Attribute Description Possible values
These options are described in File options: FileOptions.
Table 13. CT DnfEfaFileReceiveOptionSet. Options that apply to a FileReceived scenario.
Attribute Description Possible values
These options are described in File receive options: FileReceiveOptions.
Table 14. CT DnfEfaFileSendOptionSet. Options that apply to a particular MSIF file send operation.
Attribute Description Possible values
These options are described in File send options: FileSendOptions.
Table 15. CT DnfEfaFtAccessControl. Pseudo attributes to allow access to MSIF commands.
Attribute Description Possible values
snd Pseudo attribute to allow a user to initiate an MSIF SendMsg or SendFile scenario. (none)
rcv Pseudo attribute to allow a user to respond to a MsgReceived request by creating and submitting a MsgReceived response. (none)
prvdl Pseudo attribute to allow a user to initiate an MSIF ProvideFileForDownload scenario. (none)
dl Pseudo attribute to allow a user to initiate an MSIF Download scenario. (none)
Table 16. CT DnfEfaInputChannel. Describes an SnF input channel.
Attribute Description Possible values
SagMPOptionSet Name of the SAG MP option set that is to be used by the SnF input channel. The name of a DnfEfaSagMPOptionSet configuration object.
SagMPOptionSetGroup Name of the SAG MP option-set group that is to be used by the SnF input channel. If both, the SagMPOptionSet and the SagMPOptionSetGroup are defined, the group takes precedence and the SagMPOptionSet is ignored. The name of SAG MP option-set group. These groups are defined by the Group attribute in the DnfEfaSagMPOptionSet.
WindowSize The proposed window size for the input channel. The SIPN determines the size that is actually used based on this proposal. Integer from 1 to 100

Default: 12
Table 17. CT DnfEfaMPMap. Maps a business OU to a message partner.
Attribute Description Possible values
BOU Name of the business OU that handles requests received on the message partner with the same name as the CO of this type. Character string (1...8)
Table 18. CT DnfEfaMsgReceiveOptionSet. Options that apply to a ReceiveMessage scenario.
Attribute Description Possible values
These options are described in Message receive options: MsgReceiveOptions.
Table 19. CT DnfEfaMsgSendOptionSet. Options that apply to a SendMessage scenario.
Attribute Description Possible values
These options are described in Message send options: MsgSendOptions.
Table 20. CT DnfEfaOptionsMwh. Message warehouse settings for the MSIF transfer service.
Attribute Description Possible values
DnfContentMwh Indicates what is to be stored in the MWH_XML_MSG field of the message warehouse.
  • Index
  • IndexAndBody
  • IndexAndMessage (default)
DnfFlagMwh Indicator if message warehouse function is enabled.
  • Yes
  • No (default)
Table 21. CT DnfEfaOutputChannel. Describes an SnF output channel.
Attribute Description Possible values
SagMPOptionSet Name of the SAG MP option set that is to be used by the SnF output channel. The name of a DnfEfaSagMPOptionSet configuration object.
WindowSize The proposed window size for the output channel. The SIPN determines the size that is actually used based on this proposal. Integer from 1 to 100

Default: 10
DefaultDeliverySubsetList A list of one or more delivery subsets, separated from each other by a comma (,). The listed delivery subsets determine which of the primitives on the SnF queue to which the output channel is connected are to be received via the output channel, and in what order. The default is that all types of primitives are received in "first in, first out" order, that is, in the same order in which they were added to the queue.
  • FileAct
  • InterAct
  • System
  • Normal
  • Urgent
  • FileAct_Normal
  • FileAct_Urgent
  • InterAct_Normal
  • InterAct_Urgent
  • System_Normal
  • System_Urgent
SnFQueueName The name of the SnF queue to which this output channel connects (only if more than one output channel is to connect to a particular SnF queue) Character string of 10 - 30 characters
Table 22. CT DnfEfaParameters. Global parameters for the MSIF transfer service.
Attribute Description Possible values
SNLRequestExpiration The number of seconds by which a response from an SAG must be received. Integer

Default: 90
CleanupPeriod The amount of time that information about an MSIF scenario is kept in the database before it is removed during cleanup. Character string of the form PdDThHmM, where:
d
Number of days
h
Number of hours (0 - 24)
m
Number of minutes (0 - 60)
Default: P7DT0H0M (7 days)
NULLValue The value that, when specified for an option, causes the option to be treated as if no value was specified for it, and causes the MSIF transfer service not to use a substitute value based on the settings of option sets, as it would if the option were not specified or its value left blank. Character string (1...254)

Default: NULL
BatchSize The maximum number of scenarios that the broker can process within a single transaction. Positive integer

Default: 100
ReplBatchSize The maximum number of scenarios that the broker can process within a single transaction when determining SnF outbound transfers with an SnFInputTime that is earlier than the last replication time for the database in SIPN. Positive integer

Default: 100
AutoCleanup Pseudo attribute that determines whether the MSIF transfer service automatically is to delete information for which the cleanup period expired. (none)
EfaDataDirectory The root directory in which files required by the MSIF transfer service are stored. Character string (1...721)
EfaWorkDirectory The subdirectory of the EfaDataDirectory in which the MSIF transfer service stores temporary files. Character string (1...1023)
Table 23. CT DnfEfaProvideOptionSet. Options that apply to a particular MSIF file provide for download operation.
Attribute Description Possible values
These options are described in Provide options: ProvideOptions.
Table 24. CT DnfEfaSagCommOptionSet. Options that apply to a particular MSIF file SAG message partner.
Attribute Description Possible values
These options are described in SAG communication options: SagCommOptions.
Table 25. CT DnfEfaSagMPOptionSet. Options that apply to a particular MSIF file SAG message partner.
Attribute Description Possible values
These options are described in SAG message partner options: SagMPOptions.
Table 26. CT DnfEfaSnFQueue. Describes the connection between an SnF queue and an SAG.
Attribute Description Possible values
SagMPOptionSet Name of the SAG MP option set that is to be used by the SnF queue, or the prefix to which a number is to be appended to create the option set name.  
SagMPOptionSetNum The default of the -num parameter of the acquire command. Specify this attribute only if you need to be able to dynamically specify different SAG MP option sets for the queue sessions of single SnF queue. 2-digit number from 01 to 99
OrderBy Specifies the order in which the messages are to be retrieved from the queue. Possible values:
FIFO
The messages are retrieved from the queue in "first in, first out" order, that is, in the same order in which they were added to the queue. This is the default.
Urgent
Messages with urgent priority are retrieved from the queue in FIFO order. Only after all urgent messages were processed are messages with normal priority retrieved from the queue, also in FIFO order.
FileAct
FileAct messages are retrieved from the queue in FIFO order. Only after all FileAct messages were processed are InterAct messages retrieved from the queue, also in FIFO order.
InterAct
InterAct messages are retrieved from the queue in FIFO order. Only after all InterAct messages were processed are FileAct messages retrieved from the queue, also in FIFO order.
RecoveryMode The default of the -rm parameter of the acquire command.
  • true
  • false (default)
Table 27. CT DnfEfaSWIFTDn . Distinguished name used by the MSIF transfer service.
Attribute Description Possible values
dn The distinguished name (DN) to be used by the MSIF transfer service. A valid DN
local Pseudo attribute to specify that the DN can be used as a local DN. (none)
auth Pseudo attribute to specify that the DN can be used as an authoriser DN. (none)
encr Pseudo attribute to specify that the DN can be used as an encrypter DN. (none)
sign Pseudo attribute to specify that the DN can be used as a signer DN. (none)
Table 28. CT DnfEfaSwiftService. Options that apply to a particular SWIFT service.
Attribute Description Possible values
These options are described in SWIFT service options: SwiftServiceOptions.
Table 29. CT DnfEfaThirdPartyOptionSet. Options that specify the third party or parties to which the SIPN is to route a copy of a request.
Attribute Description Possible values
These options are described in Third-party options: ThirdPartyOptions.
Table 30. CT DnfEfaTransferOptionSet. Options that apply to a particular MSIF transfer operation.
Attribute Description Possible values
These options are described in Transfer options: TransferOptions.
Table 31. CT DnfExceptionOptionSet. Option set that determines the queues and queue managers used during exception handling.
Attribute Description Possible values
MsgValExceptionQueue Name and queue manager of the queue into which messages with message validation errors are to be put. Character string
MsgValExceptionQMgr Character string
MsgValRcvExceptionQueue Name and queue manager of the queue into which received messages with message validation errors are to be put. Character string
MsgValRcvExceptionQMgr Character string
AspSndExceptionQueue Name and queue manager of the queue into which messages with Application Service Profile (ASP) errors are to be put. Character string
AspSndExceptionQMgr Character string
NakSndExceptionQueue Name and queue manager of the queue into which messages that resulted in a NAK from the SIPN are to be put. Character string
NakSndExceptionQMgr Character string
NakRcvExceptionQueue Name and queue manager of the queue into which messages that resulted in a NAK being sent to the SIPN are to be put. Character string
NakRcvExceptionQMgr Character string
RMSndExceptionQueue Name and queue manager of the queue into which messages that were to be sent but that failed relationship management authorization are to be put. Character string
RMSndExceptionQMgr Character string
RMRcvExceptionQueue Name and queue manager of the queue into which messages that were received and that failed RMA authorization are to be put. Character string
RMRcvExceptionQMgr Character string
SignatureExceptionQueue Name and queue manager of the queue into which messages that failed signature verification are to be put. Character string
SignatureExceptionQMgr Character string
DigestCreateExceptionQueue Name and queue manager of the queue into which messages that failed digest creation are to be put. Character string
DigestCreateExceptionQMgr Character string
DigestVerifyExceptionQueue Name and queue manager of the queue into which messages that failed digest verification are to be put. Character string
DigestVerifyExceptionQMgr Character string
ProcessSndExceptionQueue Name and queue manager of the queue into which messages that encountered an exception that does not fall into any of the other exception categories are to be put. Character string
ProcessSndExceptionQueue Character string
FmtAccDndRcvExceptionQueue Name and queue manager of the queue into which FMT FIN messages that the receiving LT is unable to access are to be put. Character string
FmtAccDndRcvExceptionQMgr Character string
Table 32. CT DnfFinCopyService. Configuration data required by SWIFTNet FINCopy services.
Attribute Description Possible values
TolerateSingleAuthentication Pseudo attribute that indicates that the FINCopy service is to accept messages that are to be authenticated using single authentication, even if the value of the Authentication attribute is set to 2 (for double authentication). (none)
CentralInstitution BIC8 of the central institution. Valid BIC8
TransferDirection Indicates whether the FINCopy service can be used to send messages, receive messages, or both:
  • SR = send and receive messages. This is the default.
  • S = send messages.
  • R = receive messages.
Table 33. CT DnfFinCopyServiceConn. SWIFTNet FINCopy service connection.
Attribute Description Possible values
SignerDN Signer DN that the LT is to use to sign MT097 messages. cn=ci1,o=xxxxusny,o=swift
Table 34. CT DnfFinParametersSnfil. FIN parameters for the Interface Layer (IL).
Attribute Description Possible values
Audit Specifies for which FIN session operation commands audit data is to be recorded for a specific OU.
session
Audit data is recorded for the following commands:
  • login
  • select
  • abort
  • quit
  • logout
all
Audit data is recorded for all commands, including unknown commands
none
No audit data is recorded for any FIN session operation commands. This is the default.
AuthorizeTT Messages associated with a test and training (T&T) LT are authorized to be processed. (none)
DnfAccessControlSnfil Specifies whether access control is performed for all LTs of an OU.
none
No access control is performed
standard
Access control is performed (default)
DnfMesConfirmOnArrivalSnfil    
DnfMesConfirmOnDeliverySnfil    
DnfMesLocalQueueSnfil    
DnfMesQueueManagerSnfil    
DnfMesRemoteQueueSnfil    
DnfMesTraceLevelSnfil    
DnfMesWaitIntervalSnfil    
FmtFinSendingEnabled If this pseudo attribute is specified, FIN messages are sent internally via FMT FIN; otherwise, they are sent via the SIPN. (none)
SigVerifError Specifies whether a MT398 message or a message that failed verification is to be:
keep
Kept in the IAMS for subsequent signature verification
deliver
Flagged with error information and delivered to the receiving application (default)
  • keep
  • deliver
FinCopyConfigError Specifies whether a received FIN message that used an unconfigured FINCopy service is to be:
keep
Kept in the IAMS (default)
deliver
Flagged with error information and delivered to the receiving application
  • keep
  • deliver
FinUtilizeBrokerUserId Indicates that the user ID of each OSN message and ISN acknowlegement that is processed by the SIPN FIN services to be the user ID of the message broker in which those services run. (none)
Table 35. CT DnfFmtfDestination. Destination to which FMT FIN messages are to be sent.
Attribute Description Possible values
enabled If this pseudo attribute is specified, this destination can receive FIN messages that were transferred via the FMT FIN service. (none)
FmtAssignedMessageTypes FIN message types of the FIN messages that this destination can receive via the FMT FIN service. The specified message types can contain an underscore character (_) as a wildcard to indicate any single character. A single value or a comma-separated list, for example, 1__,202,3_9
FmtAssignedServices FIN services for which this destination can receive messages via the FMT FIN service. CPY
FmtReceivableMessageTypes FIN message types of the FIN messages that this destination can receive via the FMT FIN service. The specified message types can contain an underscore character (_) as a wildcard to indicate any single character. A single value or a comma-separated list, for example, 1__,202,3_9
RequestDelayedNak Indicates that the sending application is to be sent a negative acknowledgement (NAK) if this destination is unable to receive the message via the FMT FIN service. (none)
AllowDelayedNak Indicates that this destination is to send a negative acknowledgement (NAK) to the sending application if it is unable to receive a message via the FMT FIN service. (none)
Instance Name of the FTM SWIFT instance of the receiving FMT FIN service. Specify this attribute only if the receiving destination belongs to an instance other than that of the sending destination. Character string
OU Name of the OU of the receiving FMT FIN service. Specify this attribute only if the receiving destination belongs to an instance other than that of the sending destination. Character string
QueueManager Name of the queue manager of the receiving FMT FIN service. Specify this attribute only if the receiving destination belongs to an instance other than that of the sending destination. Character string
Table 36. CT DnfFmtfParameters
Attribute Description Possible values
Audit Whether and for which FMT FIN commands audit data is recorded.
session
Audit data is recorded for the following commands:
  • fmtenable
  • fmtdisable
  • fmtstart
  • fmtstop
  • fmtreset
all
Audit data is recorded for all commands, including the query and recover commands
none
No audit data is recorded for any FMT FIN commands (default)
FmtUtilizeBrokerUserId Indicates that the user ID of each OSN message and final ISN acknowlegement that is processed by the FMT FIN services to be the user ID of the message broker in which those services run. (none)
Table 37. CT DnfFmtfRouting
Attribute Description Possible values
Destination The BIC 8 of the destination LT.  
enabled Pseudo attribute that enabled the CO for routing FMT messages.  
LtAssignedMessageTypes Specify the FIN message types that the destination LT can receive. Values must be separated by a comma. Use the underscore (_) as a wildcard for a single character; for example, 100, 10_, __9.  
LtAssignedServices Specify the kind of FIN services which destination LT can receive. Comma-separated list with no wildcards
TargetLtId The 1 char LtId to complete the whole BIC 9 of the destination LT.  
Table 38. CT DnfGblCfgParm. Data for the MQ Host Adapter (MQHA)
Attribute Description Possible values
crq Client response queue. Character string
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
ret Retention period. Integer from 1 to 10
sag SAG name. Character string
gfq Name of the get file queue. Character string
fdir Directory that contains the files to which LFT commands apply. Character string
fexp Number of seconds after which the MQHA places a file into the get file queue that the file is deleted from that queue or is moved to the dead letter queue. Integer
maxlftms The maximum chunk size in MB. A whole number from 1 to 100
Table 39. CT DnfLAUKeyExpiration. Local authentication (LAU) key used to secure messages while they are being transferred between the SFD and the SAG.
Attribute Description Possible values
validityPeriod Number of days after the LAU key was last changed that the LAU key expires. Integer
notificationPeriod Number of days before the expiration date that a warning event is to be issued for a LAU key. Integer
Table 40. CT DnfLAUKeyMP. Local authentication (LAU) key used to secure messages while they are being transferred between the SFD and an SAG or between the MSIF transfer services and an SAG.
Attribute Description Possible values
hk1 First part of the LAU key. Each half key must follow these rules:
  • It must have a length of 16 characters.
  • All characters must be printable characters.
  • It must contain at least one uppercase and one lowercase character.
  • It must contain at least one digit.
  • No single character may occur more than 7 times.
hk2 Second part of the LAU key.
lkn Name of the LAU key. Character string
mdt Date and time the CO was last modified. Timestamp of the form yyyy-mm-dd hh:mm:ss.sssss
Table 41. CT DnfLAUKeyRM. Local authentication (LAU) key used to secure RM data while it is being imported or exported.
Attribute Description Possible values
hk1 First part of the LAU key. Each half key used to secure RM data must have a length of 16 characters and must contain only characters that correspond to hex digits (0123456789ABCDEF).
hk2 Second part of the LAU key.
LastChanged Date when the LAU key was last changed. yyyy-mm-dd, for example, 2009-02-15 for 15 February 2009.
Table 42. CT DnfLT. Data for a master LT.
Attribute Description Possible values
FSMInstanceDir FSM instance directory. An existing directory
InitialService The service invoked from SIPN FIN. swift.fin
LTGroup Name of the LT group. Character string (maximum 12)
ResyncMaxNumber Maximum number of resync attempts. Integer in the range 0 - 40
ResyncMaxTime Maximum resync time. Integer in the range 1 - 60
ResyncStartDelay Delay time before starting an initial resync. Integer in the range 20 - 300
ResyncWaitTime Wait time before attempting another resync. Integer in the range 20 - 300
SLRetry Pseudo attribute that, if present, specifies that the client send process is to immediately retry sending a message if an exception occurs on the session layer. (none)
Table 43. CT DnfLTApplicationSettings. Configuration parameters for LTs.
Attribute Description Possible values
ExceptionOptionSet Name of the exception option set that the LT is to use to determine which error queues it is to use. Character string
Queue Queue of the receiving application. Character string
QueueManager Queue manager of the receiving application. Character string
send A pseudo attribute that, if present, specifies that access control is to be carried out in the DNF_ILC_FIN message flow. (none)
Table 44. CT DnfLTConn. LT connection between a master LT and an SAG.
CT description
Attribute Description Possible values
AuthoriserDN Distinguished name of the security endpoint (authoriser DN). SWIFTNet user
enabled Pseudo-attribute placeholder for enabling the LT connection. (none)
RequestorDN Distinguished name of the requestor. SWIFTNet user
SAGName Name of the SAG on which MQHA runs. Character string
SAGQMgr Used in combination with attribute SAGRequestQueue to specify a specific SAG to be used for the LT. Character string
SAGRequestQueue SAG-specific client request queue that is to be used for the FIN traffic for an LT. This queue can be used for static workload balancing among LTs, or in setups with more than one SAG to route traffic away from a non-operable SAG. Character string
SNLEndpoint SNL endpoint used for SIPN FIN. ltname_FIN
Table 45. CT DnfLTMap
Attribute Description Possible values
OU OU of the destination LT. Character string (maximum 8)
Table 46. CT DnfMqConnection. MQ connection
Attribute Description Possible values
ch Channel definition. This parameter is mandatory when you initially set up an SAG. This parameter contains the channel name, the protocol, such as TCP, and the host name. Character string
cid Message coding definition (CCSID). 1208
cn Name of QM host, that is, the host name or IP address of the host where the queue manager resides. Character string
crq Client request queue Character string
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
mqcn IBM® MQ connection name. DnfMqConnection
pfq Putfile queue. Character String
qm Queue manager. Character string
srq Server request queue. Character string
tt Name of the transport type, such as TCP. TCP
Table 47. CT DnfMQHAProfile. Data passed when a request is received by SNL to a server application. A message partner owns this information.
Attribute Description Possible values
cid Definition of the message coding. 1208
con Indicator if conversion is enabled.
  • MQFMT_STRING
  • MQFMT_NONE
env Whether messages are received in an envelope.
  • With
  • Without
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
mex Message expiration. Integer
mqcn IBM MQ connection name. Updated by the service
qm Queue manager. Character string
owner Name of the message partner who owns the basic profile. Character string
prfn Name of the MQHA profile. Character string
rqq IBM MQ queue name. Character string
Table 48. CT DnfMsgPartner. Data to find the target application.
Attribute Description Possible values
cln Name of the certificate list CO. Character string
dfm Default message for emission.
  • Sag:SNL
  • Sag:BasicInterAct
  • Sag:Primitive
envm Envelope mode.
  • NoEnv
  • BodyEnv
  • HeaderEnv
lkn Name of LAU key CO. Character string
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
mfm1 Supported message string.
  • Sag:SNL
  • Sag:RelaxedSNL
  • Sag:Primitive
  • Sag:BasicInterAct
mfm2 Supported message string.
mfm3 Supported message string.
mfm4 Supported message string.
mfm5 Supported message string.
mpn Name of the message partner. Character string
mqm Queue manager. Name of the server request queue. Character string
ou OU name. Character string (max. length 8)
req Name of the server request queue. Character string
type Type of message partner.
  • Client
  • Server
  • ClientServer
sln Name of the service list CO. Character string
Table 49. CT DnfMsgPartnerAccessControl. Access control for message partners that represent InterAct applications.
Attribute Description Possible values
na Dummy attribute. (none)
Table 50. CT DnfMsgPartnerCom. Data for message partners with the same name to allow clustering.
Attribute Description Possible values
envm Envelope mode.
  • NoEnv
  • BodyEnv
  • HeaderEnv
mpn Name of the message partner. Character string
mqm Queue manager name of the server request queue. Character string
ou OU name. Character string (8 maximum)
req Name of the server request queue. Character string
Table 51. CT DnfOptionsMwh. Message warehouse settings for SIPN FIN and FMT FIN services.
Attribute Description Possible values
DnfFlagMwh Indicates whether the message warehouse function is enabled.
  • Yes
  • No
DnfContentMwh Indicates what is to be stored in the MWH_XML_MSG field of the message warehouse.
  • Index
  • IndexAndBody
  • IndexAndMessage (default)
Table 52. CT DnfParametersSnfdb. Parameters for DB2® access for the SIPN FIN service.
Attribute Description Possible values
DnfCollectionSnfdb The DB2 binding information.
  • <DB2SSID>.
  • <DNFvCOLLID>.
  • <DNFvPLANID>
DnfSchemaSnfdb Name of the DB2 schema. Character string (this is the value specified for the DNIvSN placeholder)
Table 53. CT DnfRmBic8. Parameters for the RM Transfer service.
Attribute Description Possible values
RequestDeliveryNotif Whether the SIPN is to send a delivery notification when correspondent received and acknowledged an RMA message.
True
The SIPN is to send a delivery notification.
False
The SIPN is not to send a delivery notification. This is the default.
TransferOptionSet Name of the transfer option set that the MSIF Transfer service is to use when sending an RMA message. Character string
Table 54. CT DnfRmMIParameters. Parameters for the connection of the RM Transfer service to the MSIF Transfer service of another instance.
Attribute Description Possible values
Instance The FTM SWIFT instance on that the MSIF Transfer service is running. Character string
OU Organizational unit to which the MSIF Transfer service belongs. Character string (8 maximum)
QueueManager Queue manager of the MSIF Transfer service. Character string (8 maximum)
Table 55. CT DnfRmAccessControl. Pseudo attributes to allow access to relationship management (RM) commands and actions.
Attribute Description Possible values
ACCEPT Allow use of accept action (accept, reject) (none)
APPROVE Allow use of approve action (approve, refuse) (none)
BREAKLOCK Allow use of break lock action (none)
CHANGE Allow use of change action (revoke, delete, enable, edit, discard changes) (none)
CREATE Allow use of create action (none)
DELETEQUERY Allow use of delete query action (none)
DELETESTALE Allow use of delete stale action (none)
EXPORT Allow use of the export RM command. (none)
IMPORT Allow use of the import RM command. (none)
PROCESSQUERY Allow use of process query action (create, respond, mark as read) (none)
VIEW Allows viewing an authorisation, if no other action is permitted (none)
Table 56. CT DnfRmParameters. Controls processing of relationship management (RM) commands and relationship management application (RMA)
Attribute Description Possible values
Audit Specifies for which RM administration commands audit data is to be recorded. Can be set separately for each OU.
none
No audit data is recorded for any RM commands (default)
all
Audit data is recorded for all RM commands
DefaultExportDir Name of the directory used by the export RM command if the -dir parameter is not specified. Character string
DefaultImportDir Name of the directory used by the import RM command if the -dir parameter is not specified. Character string
DefaultLogDir Name of the directory where log files (for example, import log files) are stored by default. Character string
ApprovalSteps Specifies the required number of approval steps for following actions:
  • Submit authorisation, query, or answer
  • Accept authorisation
  • Reject authorisation
  • Revoke authorisation
  • Delete authorisation, query, and associated answers
0
No approval required
1
Action must be approved once (default)
2
Action must be approved twice
ApprovalUserRestriction Specifies the user restrictions for the approval process if single or double authorization is configured for the approval steps.
none
No restrictions apply
notprevious
The approver must be different from the user of the previous action
alldifferent
The approver must be different from all the users of the previous action
Table 57. CT DnfAspParameters. Controls processing of application service profile (ASP) commands in relationship management (RM) admin service
Attribute Description Possible values
DefaultImportDir Name of the directory used by the importasp command if the -dir parameter is not specified. Character string
Table 58. CT DnfSagCfgCnt. Used to store FTM SWIFT internal information.
Attribute Description Possible values
bou Name of the business OU. Character string (8 maximum)
cos Configuration object set. Character string
parm1 Internal parameter. Character string
parm2 Internal parameter. Character string
parm3 Internal parameter. Character string
sag Name of the SAG. Character string
Table 59. CT DnfSAGopcfg. Defines the attributes used to control access to SAG configuration and operation commands.
Attribute Description Possible values
accessLauKey1 Pseudo attribute placeholder. (none)
accessLauKey2 Pseudo attribute placeholder. (none)
acquireCertificate Configuration command. Yes
addCert Configuration command. Yes
addLauKey Configuration command. Yes
addMessagePartner Configuration command. Yes
addMQConnection Configuration command. Yes
addService Configuration command. Yes
addSiEndpoint Configuration command. Yes
approve Operation command. Yes
backup Operation command. Yes
changeCertificatePassword Configuration command. Yes
createCertificate Configuration command. Yes
defineSagUser Configuration command. Yes
deleteCert Configuration command. Yes
deleteMessagePartner Configuration command. Yes
deleteLauKey Configuration command. Yes
deleteSagUser Configuration command. Yes
deleteService Configuration command. Yes
deleteSiEndpoint Configuration command. Yes
deploy Configuration command. Yes
disable Operation command. Yes
disableSwiftNetUser Configuration command. Yes
enable Operation command. Yes
getstate Operation command. Yes
getRoutingRules Operation command. Yes
grantRole Configuration command. Yes
list Operation command. Yes
listCertLists Configuration command. Yes
listCfgObjectSet Configuration command. Yes
listMessagePartner Configuration command. Yes
listMQConnection Configuration command. Yes
listLauKeys Configuration command. Yes
listRoles Configuration command. Yes
listSagEventTemplates Configuration command. Yes
listSagInstances Configuration command. Yes
ListSagUser Configuration command. Yes
ListServiceLists Configuration command. Yes
listSiEndpoints Configuration command. Yes
listSwiftNetUser Configuration command. Yes
pluginProcent Pseudo attribute placeholder. (none)
pluginSagLog
pluginSagAPL_MQHA
pluginSagFT_I
pluginSagAPL_BIMFC
pluginSagAPL_I
pluginSagCM
pluginSagMD
pluginSagSN_NA
pluginSagSN_I
pluginSagSystem
queue Name of input queue of the SAG Add-On. Character string
readCertLists Configuration command. Yes
readGlobalParameters Configuration command. Yes
readMessagePartner Configuration command. Yes
readMQConnection Configuration command. Yes
readServiceLists Configuration command. Yes
readSiEndpoint Configuration command. Yes
recoverCertificate Configuration command. Yes
registerSwiftNetUser Configuration command. Yes
removeCertFromSag Configuration command. Yes
renew Operation command. Yes
reroute Operation command. Yes
revokeSwiftNetUser Configuration command. Yes
setCertProtocol Configuration command. Yes
setupUserForCert Configuration command. Yes
setupUserForRecovery Configuration command. Yes
start Operation command. Yes
stop Operation command. Yes
ungrantRole Configuration command. Yes
updateCert Configuration command. Yes
updateGlobalParameters Configuration command. Yes
updateMessagePartner Configuration command. Yes
updateMQConnection Configuration command. Yes
updateLauKey Configuration command. Yes
updateSagEventTemplates Configuration command. Yes
updateService Configuration command. Yes
updateSiEndpoint Configuration command. Yes
version The version of the SAG.
7.0
SAG 7 (7.0 and 7.2)
Table 60. CT DnfSiEndpoint
Attribute Description Possible values
epn Name of the endpoint. Character string (20 maximum)
mdt Date and time the CO was last modified. This is updated by the service. Timestamp
mpn Message partner. Character string
sep SNL endpoint. Character string
spro SNL protocol.
  • Relaxed
  • Strict
cpro Cryptographic protocol.
  • Automatic
  • Advanced
Table 61. CT DnfSnFParameters. Sets the audit level for InterAct SnF session commands.
Attribute Description Possible values
Audit Level of audit data recorded for InterAct SnF session commands.
session
Audit data is recorded for the following commands:
  • acquire
  • release
all
Audit data is recorded for all commands, including the status command and unsupported requests
none
No audit data is recorded for any SnF session commands (default)
Table 62. CT DnfSnFQueue. Describes the connection between an InterAct SnF queue and an SAG.
Attribute Description Possible values
DefaultQueueConn Two-digit number of the queue connection that is to be used. Example: 01
MsgPartner Name of the message partner that sets the necessary protocol information on the SAG. Character string (20 maximum)
OrderBy Specifies the order in which the messages are to be retrieved from the queue. Possible values:
FIFO
The messages are retrieved from the queue in "first in, first out" order, that is, in the same order in which they were added to the queue. This is the default.
Urgent
Messages with urgent priority are retrieved from the queue in FIFO order. Only after all urgent messages were processed are messages with normal priority retrieved from the queue, also in FIFO order.
RecoveryMode Pseudo attribute placeholder. Equals true if configured
SessionMode The mode of the session by which messages are to be retrieved from an SnF queue. Possible values:
  • Push
  • Pull (default)
Table 63. CT DnfSnFQueueConn. Connection parameters used between an InterAct SnF queue and a specific SAG.
Attribute Description Possible values
AuthoriserDN Authoriser DN of the queue owner. Character string (100 maximum)
enabled Pseudo attribute used as a switch to activate and deactivate individual COs. (none)
SAGQMgr Queue manager of SAG request queue used for the acquire command. SAG queue manager
SAGRequestQueue SAG request queue used for the acquire command. Specific client request queue of an SAG or SAG cluster queue
SNLEndpoint The SNL endpoint that is configured on SAG to address push requests. Only needed for push sessions. Character string (14 maximum)
Table 64. CT DnfSWIFTDn. Access control for distinguished names.
Attribute Description Possible values
auth Pseudo attribute that indicates that the DN is an authoriser DN. (none)
dn Distinguished name. SWIFTNet user
encr Pseudo attribute that indicates that the DN is an encrypter DN. (none)
req Pseudo attribute that indicates that the DN is a requestor DN. (none)
rsp Pseudo attribute that indicates that the DN is a responder DN. (none)
sign Pseudo attribute that indicates that the DN is a signer DN. (none)
Table 65. CT DnfSynonymLT. Data for a synonym LT and the related master LTs.
Attribute Description Possible values
Master Name of the corresponding master LT. An LT name (BIC9)
Table 66. CT DnfSynonymLTConn. LT connection between a synonym LT and an SAG.
Attribute Description Possible values
SignerDN Distinguished name used to sign FIN traffic of a synonym LT. SWIFTNet user
Table 67. CT DnfTrace. Attributes for tracing.
Attribute Description Possible values
Level Trace level.
0
No PDU trace is written.
1
The PDU data is the SNF SL PDU data reference (this is either the LT name of the data in block 1 of the APDU message). The output is not formatted.
2
The PDU data is the APDU message or, if the PDU does not contain an APDU message, the SNF SL PDU request payload. The output is not formatted.
3
The PDU data is the SNF SL PDU request payload or, if the PDU does not contain a request payload, the complete SNF SL PDU. The output is not formatted.
4
The PDU data is the complete SNF SL PDU. The output is not formatted.
5
The PDU data is the complete SNF SL PDU. The output is formatted in a way that illustrates the hierarchical relationships among the tags in each message.
Size Whether the file size is to be limited and, if so, the size limit A value from 1 to 100 specifies the limit in MB. A value of 0 specifies that the PDU trace file is not controlled and therefore its size is unlimited.
Table 68. CT DnfVerifAdmAccessControl. Confers the right to use the signature verification service to verify messages.
Attribute Description Possible values
verify Pseudo attribute for access control. (none)
Table 69. CT DnfVerifConn. Connection between the signature verification service and an SAG.
Attribute Description Possible values
enabled Pseudo attribute indicates that the CO is active. (none)
SAGRequestQueue The queue to which VerifyDecrypt requests are to be sent.  
SAGQMgr The queue manager of the queue to which VerifyDecrypt requests are to be sent.  
AuthoriserDN Authoriser DN that is used to authorize VerifyDecrypt requests.  
MessagePartner The message partner of the LAU key that is to be used.  
SAGName The name of the SAG server of the LAU key that is to be used.  
Table 70. CT DnfVerifParameters. Parameters that control the signature verification service.
Attribute Description Possible values
Audit Level of audit data recorded for signature verification commands.
all
Audit data is recorded during message verification.
none
No audit data is recorded during message verification (default).
Table 71. CT DnfVerifService. Attributes of the signature verification service.
Attribute Description Possible values
AutoInterval The number of minutes that the signature verification service is to wait between automatic verification attempts. If automatic verification is not to be performed, specify 0. The default is 5. Any non-negative integer
MaxInterval When automatic verification is to be performed (that is, when AutoInterval > 0), this attribute specifies the number of minutes after a received message is stored in the DNFV_REQUEST table by which the signature verification service must verify its signature. If no limit is to be placed on the time available to automatically verify signatures, specify 0. The default is 0. Any non-negative integer
MaxTransactionSize A number from 1 to 70 that indicates the maximum number of messages that DNF_V_REQ is to include in each signature verification transaction. The default is 20. Any non-negative integer from 1 to 70
DefaultVerifConn A two-digit number that indicates which CO of type DnfVerifConn the signature verification service is to use as a source of SAG data if none is specified. Any two-digit number (01 - 99)
SNLRequestExpiration The maximum amount of time, in seconds, after the signature verification service puts a VerifyDecrypt request into the input queue of an SAG, by which the SAG must begin to process the request. The default is 90 seconds. Any non-negative integer
Table 72. CT DNF_ILC_CMD. Pseudo attributes to allow access to LT session operation commands.
Attribute Description Possible values
ABORT Allow use of the abort command. (none)
LOGIN Allow use of the login command. (none)
LOGOUT Allow use of the logout command. (none)
QUERY Allow use of the query command. (none)
QUIT Allow use of the quit command. (none)
RECOVER Allow use of the recover command. (none)
RESET Allow use of the reset command. (none)
SELECT Allow use of the select command. (none)
Table 73. CT DNF_L_ADM. Pseudo attributes to allow access to RM and PKI commands.
Attribute Description Possible values
IMPORTASP Allow the user to import application service profiles. (none)
QUERY Allow a user to obtain a summary of relationship management data. (none)
QUERYASP Allow the user to query application service profiles. (none)
QUERYRELATIONSHIP Allow a user to obtain detailed information about relationships. (none)
Table 74. CT DNF_SNF_CMD. Pseudo attributes to allow use of the InterAct SnF session control commands.
CT description
Attribute Description Possible values
ACQUIRE Pseudo attribute to allow use of the acquire command for InterAct SnF sessions. (none)
RELEASE Pseudo attribute to allow use of the release command for InterAct SnF sessions. (none)
STATUS Pseudo attribute to allow use of the status command for InterAct SnF sessions. (none)
Table 75. CT DniAccAudit. Recording of audit data for accounting commands.
Attribute Description Possible values
DniFlagAccAudit Auditing flag.
Standard
Audit data for Accounting commands is recorded.
None
Audit data for Accounting commands is not recorded.
Table 76. CT DniAccAdm.del. Delete command for the accounting administration service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 77. CT DniAccAdm.lst. List command for the accounting administration service
Attribute Description Possible values
na Dummy attribute. (none)
Table 78. CT DniAccessControl. Control of Access Control node.
Attribute Description Possible values
DniPollIntAcp Polling interval in seconds for the Access Control node. Integer from 0 - 84600 (default is 300)
Table 79. CT DniAddOU. CT used to create the COs that allow OU administrators to issue the add OU command.
Attribute Description Possible values
na Dummy attribute. (none)
DnfLAUKeyRM.hk1 Pseudo attribute that allows a user to enter the first (hk1) or second (hk2) half of a key used to secure relationship management data while it is being imported or exported. (none)
DnfLAUKeyRM.hk2 (none)
DnfLAUKeyRM.LastChanged Pseudo attribute that allows a user to enter the date when an a LAU key was last changed. (none)
Table 80. CT DniAEvent.del. Delete command for the event administration service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 81. CT DniAEvent.list. List command for the event administration service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 82. CT DniAppOU. CT used to create the COs that allow OU administrators to issue the approve OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 83. CT DniCfgProvider. Control of Configuration-Data Provider node.
Attribute Description Possible values
DniPollIntCpn Polling interval in seconds for the Configuration Data Provider node. integer from 0 - 84600 (default is 300)
Table 84. CT DniCinService. Controlled input node (CIN) enabled service flow
Attribute Description Possible values
CommandQueue The command queue of the message flow that uses a CIN as its input node. Character string
EnhancedErrorHandlingEnabled Indicates that the service uses the enhanced error handling mode. This means that its CIN routes to an error queue messages that, if processed, would cause the CIN to stop. (none)
Table 85. CT DniComOU. CT used to create the COs that allow OU administrators to issue the commit OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 86. CT DniConfigSVB. Data used by the installation and migration procedure.
Attribute Description Possible values
cosfile Configuration object set file name. Character string
ctfile Configuration object type file name. Character string
hisfile Historic installation information file name. Character string
migfile Migration file name. Character string
rolefile Role file. Character string
name Dummy attribute. Character string
Table 87. CT DniDepOU. CT used to create the COs that allow OU administrators to issue the deploy OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 88. CT DniFileDir. A description of a path in the host file system including permissions.
Attribute Description Possible values
Path Absolute path in the file system. Character string
read Pseudo attribute that allows a user to retrieve files from the directory represented by the Path attribute. (none)
Table 89. CT DniLevelsTrace. Trace levels.
Attribute Description Possible values
Level Level for the FTM SWIFT Trace service.
  • Error (default)
  • Warning
  • Informational
  • Debug
Table 90. CT DniListOU. CT used to create the COs that allow OU administrators to issue the list OU command.
Attribute Description Possible values
na Dummy attribute. (none)
DnfLAUKeyRM.hk1 Pseudo attribute that allows a user to display the first (hk1) or second (hk2) half of a key used to secure relationship management data while it is being imported or exported (none)
DnfLAUKeyRM.hk2 (none)
DnfLAUKeyRM.LastChanged Pseudo attribute that allows a user to display the date when an a LAU key was last changed. (none)
Table 91. CT DniMessageWarehouse. Settings for the message warehouse service.
Attribute Description Possible values
DniSchemaMwh Schema name. Character string
DniTableMwh Table or view name. Character string
Table 92. CT DniMessageWarehouseAdjunct. Specifies the name of a message warehouse adjunct table.
Attribute Description Possible values
DniTableMwh Table or view name. Character string
Table 93. CT DniModOU. CT used to create the COs that allow OU administrators to issue the modify OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 94. CT DniMonitor.dreg. Deregister command for the monitor service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 95. CT DniMonitor.reg. Register command for the monitor service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 96. CT DniMsgAudit. Recording of message audit data.
Attribute Description Possible values
DniSchemaAudit Schema name. The value specified for the DNIvSN placeholder
DniTableMsgAudit Table name. A name of the form DNI_A_MSG_ou
Table 97. CT DniOptionsMsgAudit. Options for recording message audit data.
Attribute Description Possible values
DniFlagMsgAudit Whether message audit data is to be recorded.
  • Yes (default)
  • No
DniFlagSaveMQRFH2 Whether MQRFH2 is to be written to the audit table.
  • Yes (default)
  • No
Table 98. CT DniRaOU. CT used to create the COs that allow OU administrators to issue the reject approve OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 99. CT DniRejOU. CT used to create the COs that allow OU administrators to issue the reject OU command.
Attribute Description Possible values
na Dummy attribute. (none)
Table 100. CT DniRemoteInstance. CT used to describe a remote FTM SWIFT instance.
Attribute Description Possible values
QueueManager Queue manager of the remote instance. Character string (48 maximum)
RmaSyncEnabled Pseudo attribute that indicates, that relationship management synchronization is enabled for the remote instance, if configured. (none)
RmaSyncTimeout The number of seconds after which a relationship management synchronization request indicates a timeout, if no response has been received. To disable the timeout detection for sent synchronization requests, set the value to 0 or do not configure any value for that attribute. Any non-negative integer
Table 101. CT DniRemOU. CT used to create the COs that allow OU administrators to issue the remove OU command.
Attribute Description Possible values
na Dummy attribute. (none)
DnfLAUKeyRM.hk1 Pseudo attribute that allows a user to remove the first (hk1) or second (hk2) half of a key used to secure relationship management data while it is being imported or exported. (none)
DnfLAUKeyRM.hk2 (none)
DnfLAUKeyRM.LastChanged Pseudo attribute that allows a user to remove the date when an a LAU key was last changed. (none)
Table 102. CT DniSample. Sample service.
Attribute Description Possible values
na Dummy attribute. (none)
Table 103. CT DniSecAdm. Security administration service.
Attribute Description Possible values
DniFlagDoubleAuthSecAdm Dual authorization flag.
  • Yes (default)
  • No
Table 104. CT DniSecAdm.ac. Access check command for the security administration service.
Attribute Description Possible values
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 105. CT DniSecAdm.add. Add command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 106. CT DniSecAdm.app. Approve command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 107. CT DniSecAdm.aut. Authorize command for the security administration service.
Attribute Description Possible values
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 108. CT DniSecAdm.com. Commit command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 109. CT DniSecAdm.cre. Create command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
Table 110. CT DniSecAdm.del. Delete command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
Table 111. CT DniSecAdm.list. List command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 112. CT DniSecAdm.mod. Modify command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
Table 113. CT DniSecAdm.react. Reactivate command for the security administration service.
Attribute Description Possible values
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 114. CT DniSecAdm.rej. Reject command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 115. CT DniSecAdm.rem. Remove command for the security administration service.
Attribute Description Possible values
rg Pseudo attribute that indicates that this command can be issued for a role group. (none)
ro Pseudo attribute that indicates that this command can be issued for a role. (none)
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 116. CT DniSecAdm.rev. Revoke command for the security administration service.
Attribute Description Possible values
user Pseudo attribute that indicates that this command can be issued for a user. (none)
Table 117. CT DniSecAdm.xou. Access control for the Add, Remove, List, and Approve user commands for the Security Administration service for cross-OU processing from SYSOU.
Attribute Description Possible values
na Dummy attribute. (none)
Table 118. CT DniSysAdm. System Configuration service
Attribute Description Possible values
DniFlagDoubleAuthCfg Dual authorization flag.
  • Yes (default)
  • No
Table 119. CT DniSysAdm.add. Add command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 120. CT DniSysAdm.app. Approve command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 121. CT DniSysAdm.com. Commit command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 122. CT DniSysAdm.cre. Create command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
Table 123. CT DniSysAdm.del. Delete command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
Table 124. CT DniSysAdm.dep. Deploy command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 125. CT DniSysAdm.dreg. Deregister command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
Table 126. CT DniSysAdm.list. List command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 127. CT DniSysAdm.mod. Modify command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 128. CT DniSysAdm.ra. Reject Approval command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 129. CT DniSysAdm.reg. Register command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
Table 130. CT DniSysAdm.rej. Reject command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 131. CT DniSysAdm.rem. Remove command for the system configuration service.
Attribute Description Possible values
cos Pseudo attribute that indicates that this command can be issued for a COS. (none)
ct Pseudo attribute that indicates that this command can be issued for a CT. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 132. CT DniSysAdm.res. Reset command for the system configuration service.
Attribute Description Possible values
cos Configuration object set pseudo attribute placeholder. (none)
ct CT pseudo attribute placeholder. (none)
ou Pseudo attribute that indicates that this command can be issued for an OU. (none)
Table 133. CT DNI_SYSOP. Allow access to system operation commands used to control a controlled input node (CIN).
Attribute Description Possible values
CLEANUP Allows a user to move or delete messages from a CIN error queue. (none)
QUERY Allows a user to query the status (started or stopped) of a CIN. (none)
RETRY Allows a user to route messages from a CIN error queue back to the MSIF transfer service for processing. (none)
START Allows a user to restart the CIN and resume processing. (none)
Table 134. CT DniSysOpParameter. Parameters that control the SysOp service.
Attribute Description Possible values
Audit Level of audit data recorded for system operation commands.
all
Audit data is recorded.
none
No audit data is recorded (default).
Table 135. CT DniTimer. Timer service.
Attribute Description Possible values
DniPollingIntervalTimer Polling interval. Any integer
DniSchemaTimer Schema name. Character string
DniTableTimer Table name. Character string
Table 136. CT DnpAoSec. Pseudo attributes to allow access to AO Facility security administration actions.
Attribute Description Possible values
DISPLAYUSER Allows the user to display user specific information. (none)
ASSIGNUSER Allow a user to manage user assignments. (none)
APPROVEUSER Allows the user to approve or reject pending changes of a user assignment. (none)
DISPLAYROLE Allows the user to display role and role group specific information. (none)
MODIFYROLE Allows a user to create, edit and delete roles and role groups. (none)
APPROVEROLE Allows the user to approve or reject pending changes of role and role group definitions. (none)
Table 137. CT DnpAoRdmRights. Pseudo attributes to allow access to AO Facility reference data management actions.
Attribute Description Possible values
DISPLAY Allows the user to display reference data. (none)
MODIFY Allows a user to create, update or delete reference data. (none)
APPROVE Allows the user to approve or reject pending changes to reference data. (none)
Table 138. CT DnpAoRdmParameters. Parameters that control the AO Facility Reference Data component.
Attribute Description Possible values
ApprovalRequired Whether an approval is required for changes to the reference data.
  • YES (default)
  • NO
Table 139. CT DniUserAudit. User Auditing.
Attribute Description Possible values
DniSchemaAudit Schema name. Character string
DniTableUserAudit Table name. Character string
Table 140. CT DnqAmountThreshold. Configure threshold command for Message warehouse settings for ER
Attribute Description Possible values
maxAmount The amount which defines the threshold for a routing condition  
Table 141. CT DnqERCustomAction. MER custom action settings.
Attribute Description Possible values
Label The label or display name of this action in the MER user interface.  
UserAction The name of this action for routing flows and the message history.  
RoutingType The type of routing flow that will handle this action.
  • B for business routing
  • U for user action routing
Validate Whether to validate a message before executing the action. This attribute is only valid for custom actions on queues of purpose Create or Edit. On queues with other purposes, the messages will not be validated.
  • true
  • false (default)
The values are not case-sensitive.
UserConfirmation Whether the user has to confirm the action before it is executed. This is a protection against accidental selection of the action, similar to the behavior of the standard Delete action.
  • true
  • false (default)
The values are not case-sensitive.
Table 142. CT DnqERLocalAddress. MER local address settings.
Attribute Description Possible values
AddressType Specifies whether the address is an LT name (for FIN messages) or a distinguished name (for InterAct messages).
  • LT
  • DN
Address When processing FIN messages (AddressType LT), this is the BIC12 specified in the FIN basic header. When processing InterAct messages (AddressType DN), this is one of the following:
  • For an InterAct client application, the requestor DN of the requests that the application sends and the responses that it receives
  • For an InterAct server application, the responder DN of the requests that the application receives and the responses that it sends
  • For AddressType LT: BIC12
  • For AddressType DN:
    • Requestor DN
    • Responder DN
DisplayName A descriptive name that is displayed in the user interface of the MER Facility instead of the value of the Address attribute.  
Table 143. CT DnqERMessageRightsDNIBULKPMT. Access rights for Bulk Payments message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIBULKPMT that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIBULKPMT that are not parsable. (none)
pain.001.001 ... pain.014.001
pacs.002.001 ... pacs.009.001
camt.003.001 ... camt.070.001
camt.998.001
caaa.001.001 ... caaa.015.001
acmt.007.001 ... acmt.024.001
 The user can access messages of the domain DNIBULKPMT that have the corresponding type. (none)
Table 144. CT DnqERMessageRightsDNICASHREP. Access rights for Cash Reporting message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNICASHREP that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNICASHREP that are not parsable. (none)

camt.003.001 ... camt.060.001

 The user can access messages of the domain DNICASHREP that have the corresponding type. (none)
Table 145. CT DnqERMessageRightsDNICLEARING. Access rights for Clearing message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNICLEARING that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNICLEARING that are not parsable. (none)
camt.052.001 ... camt.053.001
colr.003.001 ... colr.016.001
secl.001.001 ... secl.010.001
semt.018.001
 The user can access messages of the domain DNICLEARING that have the corresponding type. (none)
Table 146. CT DnqERMessageRightsDNICOLLMGMT. Access rights for Collateral Management message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNICOLLMGMT that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNICOLLMGMT that are not parsable. (none)

colr.003.001 ... colr.016.001

 The user can access messages of the domain DNICOLLMGMT that have the corresponding type. (none)
Table 147. CT DnqERMessageRightsDNICORPACT. Access rights for Corporate Actions message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNICORPACT that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNICORPACT that are not parsable. (none)
seev.031.002 ... seev.044.002
semt.015.002
 The user can access messages of the domain DNICORPACT that have the corresponding type. (none)
Table 148. CT DnqERMessageRightsDNIEINVOICING. Access rights for e-invoicing message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIEINVOICING that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIEINVOICING that are not parsable. (none)

tsin.004.001

 The user can access messages of the domain DNIEINVOICING that have the corresponding type. (none)
Table 149. CT DnqERMessageRightsDNIENI. Access rights for Exceptions and Investigations message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIENI that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIENI that are not parsable. (none)

camt.007.002 ... camt.039.001

 The user can access messages of the domain DNIENI that have the corresponding type. (none)
Table 150. CT DnqERMessageRightsDNIFIN. Access rights for FIN message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIFIN that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIFIN that are not parsable. (none)
FIN008 ... FIN999
GPA009 ... GPA094
 The user can access messages of the corresponding FIN or GPA type. (none)
Table 151. CT DnqERMessageRightsDNIFUNDS. Access rights for Funds message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIFUNDS that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIFUNDS that are not parsable. (none)
acmt.001.001 ... acmt.006.001
camt.040.001 ... camt.045.001
reda.001.001 ... reda.005.001
semt.001.001 ... semt.012.001
semt.021.001
semt.041.001 ... semt.042.001
sese.001.001 ... sese.019.001
setr.001.001 ... setr.066.001
 The user can access messages of the domain DNIFUNDS that have the corresponding type. (none)
Table 152. CT DnqERMessageRightsDNIMX. Access rights for MX message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIMX that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIMX that are not parsable. (none)
acmt.001.001 ... acmt.026.001
admi.001.001 ... admi.011.001
admi.998.001
auth.001.001 ... auth.015.001
auth.018.001 ... auth.028.001
auth.034.001
auth.038.001
caaa.001.001 ... caaa.017.001
caam.001.001 ... caam.012.001
camt.003.001 ... camt.087.001
camt.998.001
catm.001.001 ... catm.004.001
catp.001.001 ... catp.017.001
colr.003.001 ... colr.016.001
pacs.002.001 ... pacs.010.001
pacs.028.001
pain.001.001 ... pain.018.001
pain.998.001
reda.001.001 ... reda.005.001
reda.056.001 ... reda.059.001
remt.001.001 ... remt.002.001
secl.001.001 ... secl.010.001
seev.001.001 ... seev.044.001
seev.030.002 ... seev.044.002
semt.001.001 ... semt.024.001
semt.041.001 ... semt.042.001
semt.998.001
sese.001.001 ... sese.040.001
sese.020.002 ... sese.040.002
seti.001.001 ... seti.016.001
setr.001.001 ... setr.066.001
supl.001.001 ... supl.031.001
trea.001.001 ... trea.013.001
tsin.001.001 ... tsin.005.001
tsmt.001.001 ... tsmt.052.001
tsrv.001.001 ... tsrv.019.001
 The user can access messages of the domain DNIMX that have the corresponding type. (none)
Table 153. CT DnqERMessageRightsDNIPROXYVOTING. Access rights for Proxy Voting message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNIPROXYVOTING that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNIPROXYVOTING that are not parsable. (none)

seev.001.001 ... seev.008.001

 The user can access messages of the domain DNIPROXYVOTING that have the corresponding type. (none)
Table 154. CT DnqERMessageRightsDNISNSYS. Access rights for SWIFTNet system message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNISNSYS that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNISNSYS that are not parsable. (none)

xsys.001.001 ... xsys.028.001

 The user can access SWIFTNet system messages of the corresponding type. (none)
Table 155. CT DnqERMessageRightsDNISWIFTREMIT. Access rights for Workers Remittances message types
Attribute Description Possible values
DNIEMPTY The user can access messages of the domain DNISWIFTREMIT that do not have a payload. (none)
DNIUNPARSABLE The user can access messages of the domain DNISWIFTREMIT that are not parsable. (none)
camt.007.002
camt.029.001
camt.056.001
pacs.002.001
pacs.004.001
pacs.008.001
 The user can access messages of the domain DNISWIFTREMIT that have the corresponding type. (none)
Table 156. CT DnqEROUOptions. OU settings for MER
Attribute Description Possible values
RMABypassTT Whether RMA checks are bypassed for test and training (T&T) messages. This attribute is optional, the default is to not bypass these RMA checks.
  • true
  • false (default)
The values are not case-sensitive.
FINReferenceExtraction How to extract, from a FIN message, the value that is displayed in the "Reference" column of an MER Facility message list. Only the indicated possible values are allowed, this is not a comma-separated list.
  • 108,20 (default)
  • 20
MonitorThresholdRouting The default queue-depth threshold for messages in an MER queue that are waiting to be routed. This attribute is optional. Any positive integer.
MonitorThresholdUser The default queue-depth threshold for messages in an MER queue that are awaiting user action. This attribute is optional. Any positive integer.
RetypeFieldDefinitionsFile The path and name of a file resource with custom definitions for retype fields. The file resource will be searched in the classpath of the MER enterprise application. A resource path and file name starting with dnq/mer/. By default, built-in retype field definitions are used.
EditorWrapLines Indicates whether the line wrapping mode for input fields with multiple lines is enabled. If enabled, a line break is added automatically to the last line, when the user continues to write at the end of that line. The input field stops to accept characters typed by the user, if the cursor is located at the end of the maximum line.
  • Char (enabled)
  • No (default)
The values are not case-sensitive.

EditorAllFieldsUppercase

 Indicates whether the conversion to uppercase characters is enabled for the input fields of FIN messages. If enabled, all characters in the input fields of the Formatted view or Unformatted view are displayed as uppercase characters. If the message is submitted, characters are saved as uppercase characters.
  • FIN (enabled for FIN messages)
  • No (default)
The values are not case-sensitive.
Table 157. CT DnqEROURights. OU access rights
Attribute Description Possible values
VIEWHISTORY Users can view the message history of messages they have access to in context of this OU. (none)
VIEW The user can view all messages available on any queue of this OU. (none)
DELETE The user can delete all messages available on any queue of this OU. (none)
MOVE The user can move all messages available on any queue of this OU. (none)
COPY The user can copy all messages available on any queue of this OU. (none)
RETRYROUTING The user can retry the routing of all messages available on any queue of this OU. (none)
UNLOCK The user can unlock all messages available on any queue of this OU. (none)
Table 158. CT DnqERQueue. MER queue settings and access rights
Attribute Description Possible values
ActionList Specifies the standard business actions and custom actions that are to be available on this queue. This attribute is optional. The default is to provide the standard business actions as specified for the queue purpose. If the value is specified but empty (at least one blank), no business actions are available for the queue. A comma-separated list of:
  • dnq.accept
  • dnq.reject
  • dnq.submit
  • The name of a CO of type DnqERCustomAction for this OU
Up to five actions can be specified.
ActionListRequireOpen Specifies the standard business actions and custom actions that are to be excluded from the context menu available on messages in the message list of this queue. This attribute is optional. The default is to provide the actions specific to the queue purpose, respectively to provide the actions as specified by the attribute ActionList. A comma-separated list of:
  • dnq.accept
  • dnq.reject
  • dnq.submit
  • The name of a CO of type DnqERCustomAction for this OU
Up to five actions can be specified.
AllowComments Specifies whether the editing of comments is allowed for queues with purpose Display. This attribute is optional.
  • true (default)
  • false
The values are not case-sensitive.
AllowDrafts Specifies whether the saving of draft messages is allowed for queues with purpose Create or Edit. This attribute is optional and can be specified only for queues with purpose Create or Edit.
  • true (default)
  • false
The values are not case-sensitive.
BrowserPrintActionList Specifies a list of actions that invoke browser-based printing of a message. This attribute is optional. A comma-separated list of:
  • dnq.accept
  • dnq.print
  • dnq.reject
  • dnq.submit
  • The name of a CO of type DnqERCustomAction for this OU
CHANGELOCALADDR Gives a user permission to change the local address of messages on an Edit queue. (none)
MonitorThresholdRouting The queue-depth threshold for messages in an MER queue that are waiting to be routed. If this number is reached or exceeded, an event is issued. 0 (if the default threshold is to be ignored) or a positive integer (to override the default threshold). If not specified, the default threshold is applied.
MonitorThresholdUser The queue-depth threshold for messages in an MER queue that are awaiting user action. If this number is reached or exceeded, an event is issued. 0 (if the default threshold is to be ignored) or a positive integer (to override the default threshold). If not specified, the default threshold is applied.
Purpose Defines the purpose of the queue.
Note: For some purposes, the value to configure differs from the name of the purpose. See Creating new queues for details.
  • Authorize
  • Create
  • DblAuthorize
  • Display
  • Edit
  • General
  • Retype
TEMPLATEADMIN Gives a user permission to create, edit, and delete templates stored in a Template queue. (none)
USE Gives a user permission to:
  • Create a message on a Create queue
  • Edit a message on an Edit queue
  • Authorize a message on an Authorize or Confirm queue
  • Retype a message on a Retype queue
  • Display a message on a Display queue
  • Execute custom actions
 (none)
ValidateRM Defines for Create or Edit queues whether the RMA authorisation is validated. (none)
Table 159. CT DnqOptionsMwh. Message warehouse settings for ER
Attribute Description Possible values
DnqFlagMwh Indicates whether the message warehouse function is enabled.
  • Yes
  • No (default)
The values are not case-sensitive.
DnqContentMwh Indicates what is to be stored in the message warehouse record.
  • Index
  • IndexAndBody
  • IndexAndMessage (default)
Table 160. CT DnqPrintOpAccessControl. Access rights for print operations
Attribute Description Possible values
status Displays print queue status (none)
start Starts print queues (none)
stop Stops print queues (none)
reprint Reprints messages or orders (none)
confirm Confirms an order (none)
release Releases an order (none)
delete Deletes messages or orders (none)
restart Restarts the ControlledInput node of the print service (none)
Table 161. CT DnqPrintQueue. Defines the message printing service queue properties
Attribute Description Possible values
InputEnabled If this pseudo attribute is configured, the Message Print Service can import messages for this queue; otherwise, it cannot. (none)
PrintDeviceType The type of print device. This attribute is mandatory.
  • 0: Print to printer
  • 1: Print to file
PrintDevice The print device. This attribute is mandatory.
  • When printing to a printer (PrintDeviceType=0), specify the command that is to be used to send the temporary files to the printer.
  • When printing to a file (PrintDeviceType=1), specify the directory in which the print output files are to be stored.
PrintOptions Defines additional options for the print device.
  • Print to printer: Mandatory. Name of a defined output descriptor. (a CO of type DnqPrintOutputDescriptor with the same name must be defined)
  • Print to file: Optional. File prefix of the print output files.
This attribute is optional.		 String
PrintLineLength Number of characters the printer can print per line. Integer (the default is 80)
PrintPageLength Number of lines the printer can print per page. Integer (the default is 60)
PrintFormatHeader Print format for the header. This attribute is optional.
  • 0: No RFH2 and no message history entries
  • 1: Include message history but no other RFH2 entries
  • 2: Include RFH2, but no message history entries
  • 3: Include message history and other RFH2 entries (this is the default)
PrintFormatMessage Print format for the message. This attribute is optional.
  • 0: Formatted output, and print all fields
  • 1: Formatted output, but print only fields with data (this is the default)
  • 2: Line format output
OrderSize How many messages are to be combined into a single print job. This attribute is optional. Integer > 0 (the default value is 1)
OrderTimeout Number of minutes after which an order is processed, even if its order size was not reached. A value of 0 means that no timeout is to be set. Integer (the default is 0)
Confirmation If configured, an operator must manually confirm each order. (none)
BICExpansion If configured, extra information about the BIC from the reference data database is added to the printout of each message. (none)
Priority The priority of the print queue. Higher values means higher priority. Integer from 0 - 9 (default is 5)
TargetQueue The name of the MQ queue for the generated output messages. If it is not configured, no output messages are generated.  
TargetQMgr The name of the MQ queue manager for the generated output messages. The default is the queue manager used by the message printing service.  
Table 162. CT DnqPrintService. Defines the properties of the message printing service
Attribute Description Possible values
DoCmdAudit Specifies the commands for which a command audit entry are to be written.
  • yes
  • no
WorkingDirectory Directory in which the print processing service stores the print output files. For PrintToFile, the print output files in this directory are moved to the user-defined directory specified by the PrintDevice and PrintOptions attributes of a CO of type DnqPrintQueue.

Mandatory.

 Directory path
Table 163. CT DnqRoutingTargetQueue. Address routing-specific target queues in output adapters
Attribute Description Possible values
Queue Target queue into which messages are to be put  
QueueManager Queue manager of the target queue  

Configuration objects

In this section:
  • Table 164 lists the FTM SWIFT COs for which you need to specify a name
  • Table 165 lists the FTM SWIFT COs with predefined names
Notes:
  1. Due to space restrictions, some of the names of the CTs, COs, and attributes shown here are split onto two lines, although each is in fact written as one word.
  2. Some attributes in the table contain a string that begins with the characters DNIv. These strings are variables that are replaced during customization by values specified by the customizer.
  3. The numbers in the Used in common service column refer to the services listed in Legend of common services provided by the product.
Table 164. COs with custom names
Configuration object (CO) Configuration object type (CT) Attribute Used in common service
<BIC8 of a destination> DnfBic8Map BOU 6
<name of a synonym LT> DnfSynonymLT Master  
<name of SWIFTNet FINCopy service> DnfFinCopyService TolerateSingleAuthentication
CentralInstitution
TransferDirection		  
<name of master LT> DnfAccessControlFmtf FMTENABLE
FMTDISABLE
FMTSTART
FMTSTOP
FMTRESET
RECOVER
QUERY
SEND		 6
<name of master LT> DnfLT See Table 42  
<name of master LT> DnfLTMap OU 6
<target destination> DnfFmtfDestination enabled
FmtAssignedServices
FmtAssignedMessageTypes
FmtReceivableMessageTypes
RequestDelayedNak
AllowDelayedNak
Instance
OU
QueueManager		 6
<name of SWIFTNet FINCopy service connection> (see Configuring signer DNs for FIN Y-Copy) DnfFinCopyServiceConn SignerDN  
<BIC8 of a destination> DnfRmBic8 RequestDeliveryNotif
TransferOptionSet		  
<name of input channel> DnfEfaCmdAccessControl create.ic
open.ic
close.ic
delete.ic		  
<name of output channel> DnfEfaCmdAccessControl create.oc
open.oc
close.oc
delete.oc		  
Table 165. COs with predefined names
Configuration object (CO) Configuration object type (CT) Attribute Used in common service
ALL DnqEROURights VIEWHISTORY  
VIEW  
DELETE  
MOVE  
COPY  
RETRYROUTING  
UNLOCK  
ALL DnqERMessageRights DNIBULKPMT DNIUNPARSABLE  
DNIEMPTY  
<all Bulk Payments message types>  
ALL DnqERMessageRights DNICASHREP DNIUNPARSABLE  
DNIEMPTY  
<all Cash Reporting message types>  
ALL DnqERMessageRights DNICLEARING DNIUNPARSABLE  
DNIEMPTY  
<all Clearing message types>  
ALL DnqERMessageRights DNICOLLMGMT DNIUNPARSABLE  
DNIEMPTY  
<all Collateral Management message types>  
ALL DnqERMessageRights DNICORPACT DNIUNPARSABLE  
DNIEMPTY  
<all Corporate Actions message types>  
ALL DnqERMessageRights DNIEINVOICING DNIUNPARSABLE  
DNIEMPTY  
<all e-invoicing message types>  
ALL DnqERMessageRightsDNIENI DNIUNPARSABLE  
DNIEMPTY  
<all Exceptions and Investigations message types>  
ALL DnqERMessageRightsDNIFIN DNIUNPARSABLE  
DNIEMPTY  
<all FIN message types>  
ALL DnqERMessageRights DNIFUNDS DNIUNPARSABLE  
DNIEMPTY  
<all Funds message types>  
ALL DnqERMessageRightsDNIMX DNIUNPARSABLE  
DNIEMPTY  
<all MX message types>  
ALL DnqERMessageRights DNIPROXYVOTING DNIUNPARSABLE  
DNIEMPTY  
<all Proxy Voting message types>  
ALL DnqERMessageRights DNISNSYS DNIUNPARSABLE  
DNIEMPTY  
<all SWIFTNet system message types>  
ALL DnqERMessageRights DNITRANSREP DNIUNPARSABLE  
DNIEMPTY  
<all transaction reporting message types>  
ALL DnqERMessageRights DNIWORKREM DNIUNPARSABLE  
DNIEMPTY  
<all Workers Remittances message types>  
DNF DniLevelsTrace Level  
DNF_L_ADM DNF_L_ADM IMPORTASP
QUERY
QUERYASP
QUERYRELATIONSHIP
START		  
DNF_L_IMP DniCinService CommandQueue

Value: DNF_L_IMP.CTRL

 10
DNF_L_TR DniCinService CommandQueue

Value: DNF_L_TRCMD

 10
EnhancedErrorHandlingEnabled
DNF_O_FT DniCinService CommandQueue

Value: DNF_O_FTRST

 10
EnhancedErrorHandlingEnabled
DnfAddOU DniAddOU DnfLAUKeyRM.hk1
DnfLAUKeyRM.hk2		  
DnfAuditOptionsAppEfa DniOptionsMsgAudit DniFlagMsgAudit  
DnfAuditOptionsIlcCmd DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfAuditOptionsSagEfa DniOptionsMsgAudit DniFlagMsgAudi  
DnfB_ADM DnfB_ADM Audit  
DNFCOMMON DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  
DnfDatabaseParamsNss DnfDatabaseParamsNss DnfSchemaNss  
DnfEfaAdmAccessControl DnfEfaCmdAccessControl cancel
cleanup.ref
cleanup.ic
cleanup.ic.force
cleanup.oc
cleanup.oc.force
cleanup.q.force
cleanup.q
cleanup.sub
cleanup.sub.force
cleanup.aux
cleanup.aux.force
list
recover		  
DnfEfaBouParameters DnfEfaBouParameters DoCmdAudit
InErrorAction
TrackProcessing
SagSwitchMode
SnFSessionCloseMode 		 
DnfEfaFtAccessControl DnfEfaFtAccessControl snd prvdl
dl
rcv		  
DnfEfaOpAccessControl DnfEfaCmdAccessControl cleanup.me
query.service
restart
start
stop		  
DNFEFAS DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  
DnfEfaSwiftOpAccessControl DnfEfaCmdAccessControl acquire
query.mposgrp
query.snlid
release
set
status
subscribe		  
DNFFCOMMON DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  
DnfFIN DnfVerifService AutoInterval
MaxInterval
MaxTransactionSize
DefaultVerifConn
SNLRequestExpiration		  
DnfFINISNSnffsm DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfFINOSNSnffsm DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfFinParametersSnfil DnfFinParametersSnfil DnfAccessControlSnfil
Audit
FmtFinSendingEnabled
AuthorizeTT
SigVerifError		  
DnfFmtfParameters DnfFmtfParameters Audit
FmtUtilizeBrokerUserId		  
DnfFmtfRouting DnfFmtfRouting enabled
Destination
TargetLtId
LtAssignedServices
LtAssignedMessageTypes 		6
DnfGPAISNSuffsm DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfGPAOSNSuffsm DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfIlcFinAudit DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfIlcFinFmtfAudit DniOptionsMsgAudit DniFlagSaveMQRFH2  
DnfIlsAckAudit DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfIlsAckFmtfAudit DniOptionsMsgAudit DniFlagSaveMQRFH2  
DnfIlsFinAudit DniOptionsMsgAudit DniFlagMsgAudit
DniFlagSaveMQRFH2		  
DnfIlsFinFmtfAudit DniOptionsMsgAudit DniFlagSaveMQRFH2  
DnfIlsRfoAudit DniOptionsMsgAudit DniFlagSaveMQRFH2  
DnfListOU DniListOU DnfLAUKeyRM.hk1
DnfLAUKeyRM.hk2		  
DnfMessageFilesFin DniFileDir Path

Value: DNIvPATH/run/msg

 13
read
DnfMessageFilesMsif DniFileDir Path

Value: DNIvPATH/run/msg

 13
read
DnfMwhFileEfa DniMessageWarehouseAdjunct DniTableMwh  
DnfMwhMsgEfa DniMessageWarehouseAdjunct DniTableMwh  
DnfMwhOptionsClientFmtf DnfOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfMwhOptionsClientSnfil DnfOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfMwhOptionsServerFmtf DnfOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfMwhOptionsServerSnfil DnfOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfNssClient DnfDatabaseParamsNss DnfSchemaNss
DnfTableNss		  
DnfNssServer DnfDatabaseParamsNss DnfSchemaNss
DnfTableNss		  
DnfOptionsMwhDlEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhPdlEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhRcvFileEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhRcvMsgEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhRdlEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhSndFileEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfOptionsMwhSndMsgEfa DnfEfaOptionsMwh DnfFlagMwh
DnfContentMwh		  
DnfParametersSnfdb DnfParametersSnfdb DnfCollectionSnfdb
DnfSchemaSnfdb		  
DnfRemOU DniRemOU DnfLAUKeyRM.hk1
DnfLAUKeyRM.hk2		  
DNFRMA DnfSVB deployed  
DnfRmParameters DnfRmParameters Audit
DefaultExportDir
DefaultImportDir
DefaultLogDir		 11
ApprovalSteps
ApprovalUserRestriction		 12
DnfSnFParameters DnfSnFParameters Audit  
DnfSRVSnffsm DnfOptionsMsgAudit DnfFlagMsgAudit
DnfFlagSaveMQRFH2		  
DnfVerifParameters DnfVerifParameters Audit  
DNI DniLevelsTrace Level All
DNI_SYSOP DNI_SYSOP START 10
DniAccAdm.del DniAccAdm.del (none) 1
DniAccAdm.list DniAccAdm.list (none) 1
DniAccAudit DniAccAudit DniFlagAccAudit 2
DniAccessControl DniAccessControl DniPollIntAcp 3 4 5 6 9
DniAEvent.del DniAEvent.del (none) 3
DniAEvent.list DniAEvent.list (none) 3
DniCfgProvider DniCfgProvider DniPollIntCpn All
DNIEMPTY DnqERLocalAddress Address

Value: DNIEMPTY

  
DniMessageFiles DniFileDir Path

Value: DNIvPATH/run/msg

 13
read
DniMonitor.dreg DniMonitor.dreg (none) 4
DniMonitor.reg DniMonitor.reg (none) 4
DniMsgAudit DniMsgAudit DniSchemaAudit

Value: The value specified for the DNIvSN placeholder

 7,9
DniTableMsgAudit

Value: DNI_A_MSG_ou
DniMwh DniMessageWarehouse DniSchemaMwh

Value: The value specified for the DNIvSN placeholder

  
DniTableMwh

Value: DNIMWH_PT_ou
DnfMwhFin DniMessageWarehouseAdjunct DniTableMwh

Value: DNFMWHFIN_ou

  
DniOptionsRmtMsgAudit DniOptionsMsgAudit DniFlagMsgAudit 7
DniOptionsSampleMsgAudit DniFlagSaveMQRFH2 9
DniSample DniSample (none) 9
DniSampleMessageWarehouse DniMessageWarehouse DniSchemaMwh

Value: The value specified for the DNIvSN placeholder

 9
DniTableMwh

Value: DNIMWH_PT_ou
DniSecAdm DniSecAdm DniFlagDouble
AuthSecAdm		 5
DniSecAdm.ac DniSecAdm.ac user 5
DniSecAdm.add DniSecAdm.add ro
rg
user		 5
DniSecAdm.app DniSecAdm.app ro
rg
user		 5
DniSecAdm.aut DniSecAdm.aut user 5
DniSecAdm.com DniSecAdm.com ro
rg
user		 5
DniSecAdm.cre DniSecAdm.cre ro
rg 		5
DniSecAdm.del DniSecAdm.del ro
rg 		5
DniSecAdm.list DniSecAdm.list ro
rg
user		 5
DniSecAdm.mod DniSecAdm.mod ro
rg		 5
DniSecAdm.react DniSecAdm.react user 5
DniSecAdm.rej DniSecAdm.rej ro
rg
user		 5
DniSecAdm.rem DniSecAdm.rem ro
rg
user		 5
DniSecAdm.rev DniSecAdm.rev user 5
DniSecAdm.xou DniSecAdm.xou (none) 5
DniSysAdm DniSysAdm DniFlagDouble
AuthCfg		 6
DniSysAdm.add DniSysAdm.add cos
ct
ou		 6
DniSysAdm.app DniSysAdm.app cos
ct
ou		 6
DniSysAdm.com DniSysAdm.com cos
ct
ou		 6
DniSysAdm.cre DniSysAdm.cre cos
ct		 6
DniSysAdm.del DniSysAdm.del cos
ct		 6
DniSysAdm.dep DniSysAdm.dep cos
ct
ou		 6
DniSysAdm.dreg DniSysAdm.dreg cos 6
DniSysAdm.list DniSysAdm.list cos
ct
ou		 6
DniSysAdm.mod DniSysAdm.mod cos
ct
ou		 6
DniSysAdm.ra DniSysAdm.ra cos
ct
ou		 6
DniSysAdm.reg DniSysAdm.reg cos 6
DniSysAdm.rej DniSysAdm.rej cos
ct
ou		 6
DniSysAdm.rem DniSysAdm.rem cos
ct
ou		 6
DniSysAdm.res DniSysAdm.res cos
ct
ou		 6
DNIT0060 DniTimer DniPollingIntervalTimer

Value: 60

 8
DniSchemaTimer

Value: The value specified for the DNIvSN placeholder
DniTableTimer

Value: DNI_TIMER01
DNIUNPARSABLE DnqERLocalAddress Address

Value: DNIUNPARSABLE

  
DniUserAudit DniUserAudit DniSchemaAudit

Value: The value specified for the DNIvSN placeholder

 1 2 4 5 6 8 9
DniTableUserAudit

Value: DNI_A_USR_ou
DnpAoRdmParameters DnpAoRdmParameters ApprovalRequired

Value: YES

  
DnpAoRdmRights DnpAoRdmRights APPROVE
DISPLAY
MODIFY		  
DNQ_P_PRT DniCinService CommandQueue

Value: DNQ_P_RST

 10
DNQCOMMON DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  
DnqER DniOptionsMsgAudit DniFlagMsgAudit

Value: Yes

  
DniFlagSaveMQRFH2

Value: Yes

  
DnqER DnqOptionsMwh DnqFlagMwh

Value: No

  
DnqContentMwh

Value: IndexAndMessage

  
DNQERBS DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  
DnqEROUOptions DnqEROUOptions RMABypassTT

Value: false

  
FINReferenceExtraction

Value: 108,20

  
MonitorThresholdRouting  
MonitorThresholdUser  
RetypeFieldDefinitionsFile  
EditorWrapLines

Value: No

  
EditorAllFieldsUppercase

Value: No

  
DnqMessageFiles DniFileDir Path

Value: DNIvPATH/run/msg

 13
read
DnqMwhOptionsPrint DnqOptionsMwh DnqFlagMwh

Value: No

  
DnqContentMwh

Value: IndexAndMessage

  
DnqMwhOptionsSdf DnqOptionsMwh DnqFlagMwh

Value: No

  
DnqContentMwh

Value: IndexAndMessage

  
DNPAO DniConfigSVB cosfile
ctfile
hisfile
migfile
rolefile		  

Legend of common services provided by the product

The numbers shown in the "Used in common service" column correspond to the following common services:
1
Accounting administration service
2
Recording of audit data for accounting administration
3
Event administration
4
Monitor
5
Security administration
6
System configuration
7
Remote audit
8
Timer
9
Sample
10
System operation
11
Relationship Management Administration service
12
Relationship Management Application
13
Administration and Operation Facility

Legend of common services provided by the product

Configuration object sets

Common configuration object sets (COSs) of the product are directly inserted into the configuration tables without script files.

For other features the commands to create the predefined COSs and add to them the appropriate configuration objects (COs) are contained in the following script files:
Feature Script file
Support for SWIFTNet FIN dnfczcas.cli
Financial Message Transfer (FMT)
Messaging Services for SWIFTNet InterAct and FileAct (MSIF) dnfczocs.cli
Message Management dnqczcas.cli

Common COSs of the product

Table 166. COS DniSysOpCos. Retrieve configuration objects for the System Operation service.
Configuration object type (CT) Configuration object (CO)
DniCinService *
Table 167. COS DnpAoBaseCos. Retrieve common configuration objects of the FTM SWIFT product for the Administration and Operation Facility.
Configuration object type (CT) Configuration object (CO)
DnpAoParameters DnpAoParameters
Table 168. COS DnpAoFinCos. Retrieve configuration objects of the FTM SWIFT SWIFTNet FIN feature for the Administration and Operation Facility.
Configuration object type (CT) Configuration object (CO)
DnfLT *
DnfLTConn *
DnfLTMap *
Table 169. COS DnpAoStartupCos. Retrieve configuration objects for the startup of the Administration and Operation Facility.
Configuration object type (CT) Configuration object (CO)
DniFileDir DnfMessageFilesFin
DniFileDir DnfMessageFilesMsif
DniFileDir DniMessageFiles
DniFileDir DnqMessageFiles

dnfczcas.cli

cre -cos DnfSWIFTDnCos -desc DnfSWIFTDnCos
add -cos DnfSWIFTDnCos -ct DniUserAudit -co DniUserAudit
add -cos DnfSWIFTDnCos -ct DnfSWIFTDn -co *
com -cos DnfSWIFTDnCos

cre -cos SAGOPCFG1 -desc SAGOPCFG1
add -cos SAGOPCFG1 -ct DnfSAGopcfg     -co *
add -cos SAGOPCFG1 -ct DniUserAudit    -co *
com -cos SAGOPCFG1

cre -cos DnfBackoutCos -desc DnfBackoutCos
add -cos DnfBackoutCos -ct DniOptionsMsgAudit -co DnfAuditOptionsBof
add -cos DnfBackoutCos -ct DniMsgAudit        -co DniMsgAudit
com -cos DnfBackoutCos

cre -cos DnfLAdmCos -desc DnfLAdmCos
add -cos DnfLAdmCos -ct DnfRmParameters               -co DnfRmParameters
add -cos DnfLAdmCos -ct DniUserAudit                  -co DniUserAudit
add -cos DnfLAdmCos -ct DniMsgAudit                   -co DniMsgAudit
add -cos DnfLAdmCos -ct DniLevelsTrace                -co *
add -cos DnfLAdmCos -ct DnfSVB                        -co *
com -cos DnfLAdmCos

cre -cos DnfLImpCos -desc DnfLImpCos
add -cos DnfLImpCos -ct DniOptionsMsgAudit            -co DnfRMImport
add -cos DnfLImpCos -ct DniMsgAudit                   -co DniMsgAudit
com -cos DnfLImpCos

cre -cos DnfRExpCos -desc DnfRExpCos
add -cos DnfRExpCos -ct DnfLAUKeyMP         -co *
add -cos DnfRExpCos -ct DnfLAUKeyRM         -co *
add -cos DnfRExpCos -ct DnfLAUKeyExpiration -co *
add -cos DnfRExpCos -ct DnfLTMap -co *
com -cos DnfRExpCos

cre -cos DnfVerifCos -desc DnfVerifCos
add -cos DnfVerifCos -ct DniLevelsTrace     -co *
com -cos DnfVerifCos

cre -cos DnfRmCos -desc 'COS for Relationship Management Application'
add -cos DnfRmCos -ct DnfRmParameters -co DnfRmParameters
add -cos DnfRmCos -ct DnfBic8Map      -co *
add -cos DnfRmCos -ct DniOU           -co *
com -cos DnfRmCos

dnfczocs.cli

cre -cos DnfEfaCmdCos -desc 'DnfEfaCmdCos'
add -cos DnfEfaCmdCos -ct DnfEfaParameters -co DnfEfaParameters
add -cos DnfEfaCmdCos -ct DnfEfaBouParameters -co DnfEfaBouParameters
add -cos DnfEfaCmdCos -ct DniUserAudit -co DniUserAudit
add -cos DnfEfaCmdCos -ct DniMsgAudit -co DniMsgAudit
com -cos DnfEfaCmdCos

cre -cos DnfEfaFtCos
add -cos DnfEfaFtCos -ct DnfEfaParameters -co DnfEfaParameters
add -cos DnfEfaFtCos -ct DniUserAudit -co DniUserAudit
add -cos DnfEfaFtCos -ct DniMsgAudit -co DniMsgAudit
add -cos DnfEfaFtCos -ct DniMessageWarehouse -co DniMwh
add -cos DnfEfaFtCos -ct DniMessageWarehouseAdjunct -co DnfMwhFileEfa
add -cos DnfEfaFtCos -ct DniMessageWarehouseAdjunct -co DnfMwhMsgEfa
add -cos DnfEfaFtCos -ct DniOptionsMsgAudit -co DnfAuditOptionsAppEfa
add -cos DnfEfaFtCos -ct DniOptionsMsgAudit -co DnfAuditOptionsSagEfa
add -cos DnfEfaFtCos -ct DnfEfaOptionsMwh -co *
add -cos DnfEfaFtCos -ct DnfEfaBouParameters -co DnfEfaBouParameters
com -cos DnfEfaFtCos

dnqczcas.cli

cre -cos DnqERCos -desc DnqERCos
add -cos DnqERCos -ct DnqERQueue -co *
add -cos DnqERCos -ct DnqERLocalAddress -co * 
add -cos DnqERCos -ct DnqERCustomAction -co *
add -cos DnqERCos -ct DniMsgDomain -co *
add -cos DnqERCos -ct DnqEROUOptions -co DnqEROUOptions
com -cos DnqERCos

cre -cos DnqSdfCos -desc 'SDF configuration COS'
add -cos DnqSdfCos -ct DnqOptionsMwh -co DnqMwhOptionsSdf
com -cos DnqSdfCos

Roles

Table 170 lists the roles that are predefined in FTM SWIFT.

Table 170. Predefined roles
Role Authorizes a user to...
DnfAspAdmin Administer application service profile (ASP) data.
DnfDNSec Use a specific distinguished name (DN) for a specific purpose, such as signing. This role is required when issuing certain SNL configuration commands.
DnfEfaAdministrator Administer the MSIF transfer service, that is, list, cancel, and recover MSIF scenarios, and delete information for a particular finished scenario from the MSIF database tables.
DnfEfaApplication Use the MSIF transfer service to send and receive business messages, to send and download files, and to provide files for counterparts to download. This role is required by the user ID under which the broker procedure runs.
DnfEfaOperator Operate the MSIF transfer service, that is, start, stop, and query the MSIF transfer service for a particular OU, restart the MSIF transfer service after it stops due to an error, and delete obsolete information from the MSIF database tables.
DnfEfaSwiftAdministrator Create and delete SnF input and output channels.
DnfEfaSwiftOperator Operate SnF queue and channel sessions and subscribe to FileAct-related events from all SAGs.
DnfFmtFinRemoteSender Use the FMT FIN service to send FIN messages from a remote instance.
DnfFmtFinSender Use the FMT FIN service to send FIN messages from a local instance.
DnfFmtOperator Operate the FMT FIN service.
DnfRmAdmin Export, import, and query RM data, delete stale RMA authorisations, and break user locks on authorisations.
DnfRmApprover Approve the actions of a relationship manager.
DnfRmRelMgr Work with RMA authorisations and conversations, that is, view, create, accept, change, and resend RMA authorisations, and process and delete RMA queries.
DnfRmCfg Use the remote configuration service to retrieve configuration information for RMA.
DnfVerifAdmin Use the signature verification service to reverify messages for which verification previously failed.
DniAccAdmin Use the accounting administration service to administer (for example, list and delete) accounting data.
DniEventAdmin Use the event service to administer (for example, to list or delete) events.
DniMonitor Register and deregister subscriptions to receive events.
DniSA Administer (that is, create, commit, approve, and deploy) the system configuration entities, and thereby specify which resources are available within an instance, and the attributes of these resources. This role also authorizes a user to switch off dual authorization for the system administration and security administration services.
DniSample The sample application uses this role to demonstrate how access control works.
DniSystemOperator Operate the controlled input node (CIN) of MSIF transfer, RM transfer, message printing, and RM import services.
DniUA Control access to resources by managing roles and their assignment to users.
DnpAoCfg Use the system configuration service to retrieve configuration information for the AO Facility.
DnpAoRdmApprove Approve or reject pending changes to reference data.
DnpAoRdmDisplay Display reference data.
DnpAoRdmModify Create, update or delete reference data.
DnpAoSecDisplayUser Use the AO Facility to display users' role assignments.
DnpAoSecAssignUser Use the AO Facility to modify users' role assignments.
DnpAoSecApproveUser Use the AO Facility to approve users' role assignments.
DnpAoSecDisplayRole Use the AO Facility to display roles.
DnpAoSecModifyRole Use the AO Facility to modify roles.
DnpAoSecApproveRole Use the AO Facility to approve roles.
DnqERCfg Use the remote configuration service to retrieve configuration information for the MER Facility.
DnqERMsgAdmin Use the MER Facility to administer (for example, view, delete, move, unlock, redirect, change the local address, and retry routing of) messages, and to monitor redirect and backout queues.
DnqERMsgEditor Use the MER Facility to edit (for example, create, edit, authorize, retype, and view the history of) messages.
DnqERTemplateAdmin Use the MER Facility to create and maintain MER message templates.
DnqPrintAdmin Do everything that a user with the DnqPrintOp role can do, plus start and stop print queues, restart print processing after it stops due to an error, and delete messages or orders from a print queue.
DnqPrintOp Display print queue status, confirm and release print orders, and resubmit failed print orders.
DnqSdf Use the SDF to import or export messages from and into files or data sets.
SagAdmin Use the SAG configuration service to administer SAGs. The role DnfDNSec is also required for some operations.
SagCfgAdmin Use the SAG configuration service to approve and deploy SAG configuration data. The role DnfDNSec is also required for some operations.
SagCfgPKIAdmin Use the SAG configuration service to configure SWIFTNet user and security information.
SagOperator Use the SAG operation service to operate SAGs.
SWIFTNetFINOperator Issue SIPN FIN LT operation commands.
SWIFTNetFINSender Use the SIPN FIN service to send FIN messages.