# TEST: SECURITY-UM-09

## References

* [User Management](https://help.santesuite.org/installation/installation-1/deployment/installing-software/santedb-server/installation-qualification/security-administration-testing/test-cases-for-ui-1/user-management-tests/broken-reference)

## Discussion

Password strength is determined by use of:

* Both uppercase and lowercase alphabetical characters.
* Symbols.
* Numbers.
* More than 10 characters.

As more of each of the items listed above are used, the password is stronger. **Very Weak**, **Weak**, and **Moderate** password strengths are not valid.

## Pre-Conditions / Setup

1. User must be logged into an account with policies granted for creating users.
2. Navigate to **Administration Panel / Security / Users / Create User** by clicking the **Create** button on the **Administration Panel / Security / Users / Index** page.

## Actions/Steps

1\. Enter either "Clinic\@l" for a **Moderate** password or "Clinic" for a **Weak** password or "Clini" for a **Very Weak** password into both **New Password** and **Confirm Password** textboxes.

## Expected Behaviour

* A status bar should be displayed yellow or red or not at all.
* Status bar is labelled to the right of the status bar as either **Moderate** (using "Clinic\@l"; shown below) or **Weak** (using "Clinic") or **Very Weak** (using "Clini").

![](https://3421852694-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LZ0_pjgTp_kx4hqTZ3a%2F-Mdv3cmgea9JLYkQ8EWA%2F-Mdv8J_JfhXMH-HhK5s7%2Fimage.png?alt=media\&token=bc25e409-4d5a-4bdf-993b-565963c40fea)

* When all other required fields are provided, clicking **Save** should prompt a **Business Rules Violation** modal with a message stating "password failed validation".

![](https://3421852694-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LZ0_pjgTp_kx4hqTZ3a%2F-Mdv3cmgea9JLYkQ8EWA%2F-MdvARyf_T-fg7P-qc3a%2Fimage.png?alt=media\&token=a27c08c7-9db1-4635-a858-9d51e2a129ce)