Try OpenEdge Now
skip to main content
Managing ABL Applications
ABL and R-code Deployment and Management : Maintaining Application Security : Database table- and field-level security : Determining the privileges of the blank user ID
 
Determining the privileges of the blank user ID
By not specifying the User ID (-U) and Password (-P) connection parameters when connecting to a database (at startup or in the CONNECT statement), the user can access the database with a default user identity that has the blank user ID or the OS process user ID.
You can also authenticate a blank ("") user ID for a database connection by connecting to a database (at startup or in the CONNECT statement) with the User ID (-U) and Password (-P) connection parameters with no value specified for -U, or by using an ABL function or method like SET-DB-CLIENT () to explicitly set a blank user identity for an existing database connection.
For more information on these connection parameters and ABL functions and methods for setting database connection identity, see OpenEdge Getting Started: Identity Management and OpenEdge Development: Programming Interfaces.
Any user can use OpenEdge or an OpenEdge application with a blank user ID and access tables and fields in the database as long as the following conditions are all met:
*The database is configured to allow blank user ID connections (the default)
*The table- and field-level permissions permit it (blank user ID) (the default)
*The procedures being run are precompiled with table/field access authorized
As the security administrator, you can deny privileges to the blank user ID to ensure that users with blank user ID do not gain access to the data by following these steps.
Note: These steps must be performed every time a new table is added to the database.
To restrict blank user ID access privileges:
1. Access the Data Administration tool if you are using a graphical interface or the Data Dictionary if you are using a character interface.
2. Choose AdminSecurityDisallow Blank Userid Access. OpenEdge prompts you to verify that you want to prevent users with blank user IDs from accessing the working database.
3. Choose Yes. OpenEdge denies the user all security permissions and inserts an exclamation point (!) at the beginning of all the table and field permissions for the database. You can restore a blank user ID's access to selected tables and fields by modifying the permissions.
Note: You can also restrict a blank user ID from connecting to a database by setting the Disallow Blank UserId Connections option in the Database Options dialog box. For more information, see the online help for the Data Administration tool and OpenEdge Development: Basic Database Tools.