Maintaining Application Security

OpenEdge® applications can use two basic types of user authorization: application authorization, which prevents unauthorized ABL application authenticated users from running application procedures and using other types of application resources, and database authorization, which prevents unauthorized ABL application authenticated users from modifying database tables and fields. (When a database is initially created, every user is a security administrator.) Application authorization always functions at run time using developer-defined privileges.

OpenEdge provides four types of database authorization: compile-time authorization ensures that only authorized users can compile procedures that access protected tables and fields at compile time; run-time authorization ensures that only OpenEdge authorized users can access database tables and fields when any ABL session (.p or .r) runs; connection authorization ensures that only OpenEdge authenticated users can connect to an OpenEdge database; and security authorization ensures that only authorized security administrators can manage table and field permissions or the records contained in certain security-related meta-schema tables.

OpenEdge also relies on security mechanisms at the operating system level to ensure that only authorized users access r-code, procedure libraries, and database files.

For information about establishing and maintaining connection security, schema security, and database file security, see OpenEdge Data Management: Database Administration. In addition to the security features described in this chapter, OpenEdge supports secure connections between ABL (Advanced Business Language) client and server components on the network using the Secure Sockets Layer (SSL). For more information, see OpenEdge Getting Started: Core Business Services - Security and Auditing.

This chapter provides details about user authorization, database authorization, and other security features in the following sections: