Configuration GuideRelational Database ManagementWell-Known Attributes for a Relational Database › User Well-Known Attributes

Previous Topic: Well-Known Attributes for a Relational Database

Next Topic: Group Well-Known Attributes

User Well-Known Attributes

A list of user well-known attributes follows:

%ADMIN_OF%

Contains the list of groups for which the user is an administrator.

This well-known attribute may improve search performance at sites with many groups. If the %ADMIN_OF% well-known attribute is specified, CA Identity Manager looks for the groups that a user can manage in the %ADMIN_OF% attribute, instead of checking every group in the user store.

%ADMIN_ROLE_CONSTRAINT%

Contains the list of administrator’s admin roles.

The physical attribute mapped to %ADMIN_ROLE_CONSTRAINT% must be multivalued to accommodate multiple roles.

We recommend indexing the attribute that is mapped to %ADMIN_ROLE_CONSTRAINT%.

%CERTIFICATION_STATUS%

(Required for using the user certification feature)

Contains the user’s certification status.

Note: For more information about user certification, see the Administration Guide.

%DELEGATORS%

Maps to a list of users who have delegated work items to the current user.

This attribute is required to use delegation. The physical attribute mapped to %DELEGATORS% must be multi-valued and capable of holding strings.

Important! Editing this field directly using Identity Manager tasks or an external tool can cause significant security implications.

%EMAIL%

(Required for enabling the email notification feature)

Stores a user’s email address

%ENABLED_STATE%

(Required)

Tracks a user’s status.

Note: The data type of the physical attribute mapped to %ENABLED_STATE% must be String.

%FIRST_NAME%

Contains a user’s first name.

%FULL_NAME%

(Required)

Contains a user’s first and last name.

%IDENTITY_POLICY%

Contains the list of identity policies that have been applied to a user account.

CA Identity Manager uses this attribute to determine whether an identity policy should be applied to a user. If the policy has the Apply Once setting enabled, and the policy is listed in the %IDENTITY_POLICY% attribute, CA Identity Manager does not apply the changes in the policy to the user.

Note: For more information about identity policies, see the Administration Guide.

%LAST_CERTIFIED_DATE%

(Required for using the user certification feature)

Contains the date when a user’s roles were certified.

Note: For more information about user certification, see the Administration Guide.

%LAST_NAME%

Contains the user’s last name.

%ORG_MEMBERSHIP%

(Required when organizations are supported)

Contains the unique identifier for the organization to which the user belongs.

%ORG_MEMBERSHIP_NAME%

(Required when organizations are supported)

Contains the user-friendly name of the organization to which the user belongs.

%PASSWORD%

Contains a user’s password.

%PASSWORD_DATA%

(Required for password policy support)

Specifies the attribute that tracks password policy information.

%PASSWORD_HINT%

(Required)

Contains user-specified question and answer pairs. The question and answer pairs are used in case of forgotten passwords.

%USER_ID%

(Required)

Stores a user’s login ID.

More information:

Organization Management