Default Data Validations

By default, CA IdentityMinder checks certain data when an administrator submits a task for processing. When the data is invalid, CA IdentityMinder stops processing the task and displays an error message. The data validations that CA IdentityMinder performs are based on the type of task, as shown in the following table:

Tasks

Validation

All tasks

Required fields must have a value.

Create User

Create Group

Create Organization

Create Access Role

Create Access Task

Create Admin Role

Create Admin Task

An administrator cannot create an object with the same name as an existing object of the same type. For example, an administrator cannot create two admin roles with the same name.

Note: For users and groups, CA IdentityMinder checks only the current organization.

Create User

Create Group

Create Organization

An administrator cannot create a user, group, or organization with a name that contains any of the following characters:

  • comma (,)
  • single quote (’)
  • double quote (")
  • asterisk (*)
  • ampersand (&)
  • slash (/)
  • back slash (\)
  • less than sign (<)
  • greater than sign (>)
  • equal to sign (=)
  • plus sign (+)
  • semicolon (;)
  • pound sign (#)
  • leading or trailing spaces

    Note: Organization names can contain a comma (,) or an ampersand (&).

All Create and Modify tasks

Attributes with read/write permission (excluding passwords) cannot contain the following characters:

  • comma (,)
  • percent sign (%)
  • less than sign (<)
  • greater than sign (>)
  • semicolon (;)

These characters can be used in cross-site scripting attacks.

Create User

Self-register

Change My Password

Reset User Password

Any custom task that collects and stores user passwords

If you are using SiteMinder’s Password Services feature to enforce password rules (such as minimum length), user passwords are validated against these rules.

If the password does not satisfy the password policy, the password is not accepted.

Note: For more information, see the SiteMinder Web Access Manager Policy Server Configuration Guide.

Modify User

Administrators cannot give themselves a role or the ability to assign a role.

Forgotten Password

If a user profile does not have a password hint and answer, that user cannot use the forgotten password feature.

Delete User

Enable/Disable User

Administrators cannot delete their own profile or change the status of their account.

Delete Organization

Administrators cannot delete the organization where they are assigned the role that contains the Delete Organization task.

Consider an administrator who is assigned the Organization Manager role in the Dealers organization. The Organization Manager role enables this user to delete organizations. This administrator can delete suborganizations of Dealers, but cannot delete Dealers.

Modify Organization

Administrators cannot modify the organization where they are assigned the role that contains the Modify Organization task.
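
The name and attribute character rules in the table can be checked against data before it is submitted, for example when records are prepared outside the console. The following is an added example, not CA IdentityMinder code: the function names, the object-type strings and the `password` attribute name are assumptions, and the product's own validation remains authoritative.

```python
# Added example: pre-checks data against the character rules listed in the table.
# Names here are illustrative assumptions, not part of the product API.

# The page prints the single quote as a typographic quote; both forms are rejected here.
NAME_FORBIDDEN = set(",'\u2019\"*&/\\<>=+;#")
ORG_ALLOWED = set(",&")            # organization names may contain , and &
ATTR_FORBIDDEN = set(",%<>;")      # read/write attributes, passwords excluded
NAME_TYPES = {"user", "group", "organization"}


def check_name(object_type, name):
    """Return the list of rule violations for a user, group or organization name."""
    if object_type not in NAME_TYPES:
        raise ValueError(f"unsupported object type: {object_type!r}")
    if not name:
        return ["required field has no value"]
    problems = []
    if name != name.strip(" "):
        problems.append("leading or trailing spaces")
    forbidden = NAME_FORBIDDEN
    if object_type == "organization":
        forbidden = NAME_FORBIDDEN - ORG_ALLOWED
    bad = sorted(set(name) & forbidden)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    return problems


def check_attributes(attrs, password_attrs=("password",)):
    """Map attribute name to the forbidden characters found; password attributes are skipped."""
    findings = {}
    for key, value in attrs.items():
        if key in password_attrs:
            continue
        bad = sorted(set(str(value)) & ATTR_FORBIDDEN)
        if bad:
            findings[key] = bad
    return findings


if __name__ == "__main__":
    # Constructed sample records, not taken from any real directory.
    for kind, name in [("user", "O'Brien, Pat"), ("organization", "Smith & Sons, Inc"),
                       ("group", "Smith & Sons"), ("user", " jdoe")]:
        print(kind, repr(name), check_name(kind, name) or "ok")
    print(check_attributes({"title": "<b>Mgr</b>", "password": "a%b;c", "city": "Austin"}))
```
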