Specifying run-time permissions checking

Managing ABL Applications

ABL and R-code Deployment and Management : Maintaining Application Security : Database table- and field-level security : Specifying run-time permissions checking

By default, database authorization is always applied at compile time, which does not protect access to the database against ABL .p or .r code compiled outside of your application. Optionally, you can specify that the table and field security permissions are checked and enforced by the OpenEdge run time for all ABL sessions, regardless of compile time authorization.

Note: Table and field security permissions for the _Sequence metaschema table are checked and enforced at both compile time and run time by default.

Database permissions are applied to an authenticated user whose identity is set for a database connection through the User ID (-U) and Password (-P) startup parameters and the following ABL functions and method:

SECURITY-POLICY:SET-CLIENT() method

SET-DB-CLIENT() ABL function

SETUSERID() ABL function

For more information on these security startup parameters, functions, and methods, see OpenEdge Getting Started: Identity Management and OpenEdge Development: Programming Interfaces.

To include run-time permissions checking:

1. Connect to the database.

2. Access the Data Administration tool if you are using a graphical interface or the Data Dictionary if you are using a character interface.

3. Choose Database Options > Admin. The Database Options dialog box appears.

4. Check the Use Runtime Permissions Checking option, as shown:

5. Click OK.

Now when you set database table and field permissions, they will apply at run time in addition to compile time.