Delegating the management of groups to users
Good day folks,
This should be a simple task but I haven't managed to complete it yet.
For any given group in my organization created using Access Manager 7 from JES2005Q4, a role is created that includes ACIs that give permission to modify the group attributes.
The problem is that when user UX is assigned the admin role to group GX, and when user UX logs in to AM console with the intent of adding user UY to group GX, the operation fails with the notice that it was unable to update "the user attribute".
Some mining in the DS log led me to realise that what this notice should have said is that user UX doesn't have the permission to add the iplanet-am-static-group-dn attribute to user UY.
So what's the GUI way to equip user UX with all permissions he needs to do the basics? Or do I have to go research ACIs in order to give UX the permssions he needs?
Cheers,
Etienne
