The Validation feature allows you to validate provisioning objects on the local file system before you deploy. The validation runs Designer’s project checker and displays the results in the Project Checker view.
To validate objects:
From the Provisioning view: Right-click a node, then click .
From the directory abstraction layer editor: Click from the editor’s toolbar, or select from Designer’s menu.
From the provisioning request definition editor: Select from Designer’s menu.
From the provisioning team editor: Select from Designer’s menu.
NOTE:Validation does not check the Identity Vault for the existence of any object.
Designer does the following:
Verifies that the XML is well-formed and complies with the schema that defines the elements needed for entities, attributes, lists, relationships, and so on.
Checks every entity to ensure that references to other entities and global lists are valid.
For example, when validating an entity and its attributes, the validator checks that all references to other entities via the Edit Entity, DNLookup, and Detail Entity references exist.
Ensures that every entity has at least one attribute defined.
Ensures that every local and global list contains at least one item.
Designer does the following:
Validates that every Provisioning Request Definition has at least one request form and one approval form.
Ensures that the Condition Activity has both an outbound true flow path and an outbound false flow path.
Ensures that the Entitlement Activity Data Item Mapping for DirXML-Entitlement-DN is valid.
Ensures that the Final Timeout Action property (for User Activities) has a matching flow path link leading from the activity. For example, if Final Timeout Action=denied, there must be a denied link.
For Branch and Merge activities, ensures that a workflow has an equal number of Branch and Merge activities. It also ensures that all paths descending from a Branch activity merge into one Merge activity, that all merge activities have a branch activity, and that all Merge activities have a branch-activity-id attribute.
Ensures that static list keys contain the correct data for the decimal data type.
Designer does the following:
Validates that managers and members have been defined for the team.
Validates that team requests are specified for the team.
If the request scope is Categories, it validates that the team request actually references a category.
Designer does the following:
Ensures that the value should be a number between 0 and 100. Validation rules take into consideration that a percentage can be entered.
Ensures that the is a positive number.
Ensures that Display Names and Descriptions use supported locales.
Ensures that the Provisioning Request Definitions defined for the Role Approval and SoD Conflict Approvals are valid, are not templates, and whose process types match properly.
Separation of Duties (SoD) approvers must exist and be valid.
Before deployment, Designer validate that:
The category exists
The description is provided for all supported languages.
The Quorum is a valid expression
Approvers are present when the approval type is set to standard serial or parallel.
On deploy, Designer validates that the following objects exist in the Identity Vault:
The entitlement
The owner
The Role Trustees
The lower-level roles
Groups
Containers
Approvers
Provisioning request definition
For the User Application driver locales, Designer ensures that the locales contain descriptions and display names. You can turn off the validation of display names for each locale by setting a preference. For more information, see Section 2.3, Setting Provisioning View Preferences.