Sun Java System Delegated Administrator 6.4 Administration Guide

Service Provider Administrator Role

The SPA can perform the following tasks:

Note –

The TLA can modify or delete any existing shared organization or full organization. The TLA also can manage users in those organizations.

The TLA can remove the SPA role from a user but cannot assign the SPA role through the console. For a list of constraints in this release of Delegated Administrator, see Considerations for This Release.

For a complete description of the administrative tasks performed by the TLA, see Administrator Roles and the Directory Hierarchy in Chapter 1, Delegated Administrator Overview.

Assigning the SPA Role to a User

The SPA role must be assigned to a user in an organization designated for SPAs and subordinate to the provider organization that the SPA will manage.

In the example shown in Figure A–1, assume you need to create an SPA for the provider organization named VIS. You could assign the SPA role to user1 in the organization DEF.

The SPA must reside in a subordinate organization because a provider organization node does not contain any users.

Thus, before a provider organization can be managed by an SPA, at least one organization must be created under it. This organization should be designated to hold users who are assigned the SPA role. For more information, see Creating a Provider Organization and Service Provider Administrator.