Configuration GuideRelational Database ManagementWell-Known Attributes for a Relational Database › User Well-Known Attributes

Previous Topic: Well-Known Attributes for a Relational Database

Next Topic: Group Well-Known Attributes

User Well-Known Attributes

A list of user well-known attributes follows:

%ADMIN_OF%

Contains the list of groups for which the user is an administrator.

This well-known attribute may improve search performance at sites with many groups. If the %ADMIN_OF% well-known attribute is specified, CA IdentityMinder looks for the user managed groups in the %ADMIN_OF% attribute, instead of checking every group in the user store.

%ADMIN_ROLE_CONSTRAINT%

Contains the list of administrator’s admin roles.

The physical attribute which is mapped to %ADMIN_ROLE_CONSTRAINT% must be multivalued to accommodate multiple roles.

We recommend indexing the attribute that is mapped to %ADMIN_ROLE_CONSTRAINT%.

%CERTIFICATION_STATUS%

(Required for using the user certification feature)

Contains the certification status of a user.

Note: For more information about user certification, see the Administration Guide.

%DELEGATORS%

Maps to a list of users who have delegated work items to the current user.

This attribute is required to use delegation. The physical attribute that mapped to %DELEGATORS% must be multivalued and capable of holding strings.

Important! Editing this field directly using CA IdentityMinder tasks or an external tool can cause significant security implications.

%EMAIL%

(Required for enabling the email notification feature)

Stores email address of a user.

%ENABLED_STATE%

(Required)

Tracks the status of a user.

Note: The data type of the physical attribute which is mapped to %ENABLED_STATE% must be String.

%FIRST_NAME%

Contains first name of a user.

%FULL_NAME%

(Required)

Contains first and last name of a user.

%IDENTITY_POLICY%

Contains the list of identity policies that have been applied to a user account.

CA IdentityMinder uses this attribute to determine whether an identity policy must be applied to a user. If the policy has the Apply Once setting enabled and the policy is listed in the %IDENTITY_POLICY% attribute, CA IdentityMinder does not apply the changes in the policy to the user.

Note: For more information about identity policies, see the Administration Guide.

%LAST_CERTIFIED_DATE%

(Required for using the user certification feature)

Contains the date when the role of a user were certified.

Note: For more information about user certification, see the Administration Guide.

%LAST_NAME%

Contains last name of a user.

%ORG_MEMBERSHIP%

(Required when organizations are supported)

Contains the unique identifier for the organization to which the user belongs.

%ORG_MEMBERSHIP_NAME%

(Required when organizations are supported)

Contains the user-friendly name of the organization to which the user belongs.

%PASSWORD%

Contains a user’s password.

%PASSWORD_DATA%

(Required for password policy support)

Specifies the attribute that tracks password policy information.

%PASSWORD_HINT%

(Required)

Contains user-specified question and answer pairs. The question and answer pairs are used in case of forgotten passwords.

%USER_ID%

(Required)

Stores a user’s login ID.

More information:

Organization Management