The SPA can perform the following tasks:
Create, delete, and modify shared and full organizations in the provider organization in which the SPA has administrative authority.
In the example shown in Figure A–1, the SPA for the VIS provider organization can
Modify or delete the DEF, HIJ, and SESTA organizations
Create additional organizations under the VIS provider organization.
Create, delete, and modify users in any organization under the provider organization.
Create, delete, and modify groups in any organization under the provider organization.
Create, delete, and modify Calendar resources in any organization under the provider organization.
Assign OA roles to users.
For example, in the sample organization shown in Figure A–1, the SPA could assign an OA role to user2 in the SESTA organization. user2 could then manage users in the SESTA organization.
The SPA also can remove the OA role from a user.
Assign the SPA role to other legitimate users under the provider organization (and remove the SPA role).
Allocate service packages to organizations.
For information about service packages, see Service Packages in Chapter 1, Delegated Administrator Overview.
The SPA can assign specified types of service packages to an organization and determine the maximum number of each package that can be used in that organization.
For example, the SPA could assign the following service packages:
In the DEF organization:
1,000 gold packages 500 platinum packages |
In the HIJ organization:
2,500 topaz packages 500 platinum packages 500 emerald packages 1,000 ruby packages |
In the SESTA organization:
2,000 silver packages 1,500 gold packages 100 platinum packages |
The SPA can use the Delegated Administrator console to perform these tasks. In this release, the Delegated Administrator utility does not include command options to perform these tasks.
The TLA can modify or delete any existing shared organization or full organization. The TLA also can manage users in those organizations.
The TLA can remove the SPA role from a user but cannot assign the SPA role through the console. For a list of constraints in this release of Delegated Administrator, see Considerations for This Release.
For a complete description of the administrative tasks performed by the TLA, see Administrator Roles and the Directory Hierarchy in Chapter 1, Delegated Administrator Overview.
The SPA role must be assigned to a user in an organization designated for SPAs and subordinate to the provider organization that the SPA will manage.
In the example shown in Figure A–1, assume you need to create an SPA for the provider organization named VIS. You could assign the SPA role to user1 in the organization DEF.
The SPA must reside in a subordinate organization because a provider organization node does not contain any users.
Thus, before a provider organization can be managed by an SPA, at least one organization must be created under it. This organization should be designated to hold users who are assigned the SPA role. For more information, see Creating a Provider Organization and Service Provider Administrator.