Logon validation is a mechanism that checks user identification and password at connection time using reference data stored in the OpenEdge RDBMS.
In the OpenEdge RDBMS, the reference table storing user identifications and passwords serves both OpenEdge SQL and ABL interfaces. Use the CREATE USER statement to enable authentication from the SQL interface. Use the OpenEdge Data Administration tool to enable authentication from the ABL interface. Authentication can be disabled from either interface.
In addition, ABL and SQL both support authentication to the operating system (OS) user accounts (in Windows or UNIX, wherever the OpenEdge process runs). If no users are defined in the _User table accounts, ABL can either authenticate to the OS user accounts or connect (without authentication) using the OpenEdge default user ID; however, SQL must authenticate a user to one or the other set of user accounts in order to access a database.
The accounts used depend on the domain in which the user authenticates. A domain configured with the _oeusertable authentication system supports authentication to the _User table accounts; a domain configured with the _oslocal authentication system supports authentication to the OS user accounts. For more information, see OpenEdge Getting Started: Identity Management.
Creating, altering, or dropping a user via SQL is equivalent to creating, maintaining, or deleting a user with the OpenEdge Data Administration tool. The _User table accounts updated for the OpenEdge SQL interface are updated for the ABL interface and vice versa.
In an environment where an OpenEdge RDBMS is accessed by applications using both ABL and SQL, the following conditions exist:
If no users have been created in the database — All SQL users will be required to enter a username and password before they will be permitted access to the database.
If users have been created in the database — Users accessing the database through the ABL interface are required to provide an identification and password, unless the default blank user ID access is allowed. Furthermore, users working from the interface by default have unlimited privileges. The DBA who controls access from the interface must place limitations on user privileges or restrict access to certain database objects. SQL users, by default, have no privileges and must be explicitly assigned.