Try OpenEdge Now
skip to main content
Programming Interfaces
Data Management : Auditing : Setting up application security for auditing : Configuring the auditing identity
 
Configuring the auditing identity
By default, OpenEdge uses the database connection ID (regardless of how you set it) as the auditing ID for a given audit-enabled database. You can set the database connection ID from a user ID that you authenticate to one of the following authentication systems, depending on the mechanism you use to set it:
*The OpenEdge internal authentication system (_User table)
*An external authentication system validated using a database or application trusted domain registry
For more information authentication systems and trusted domain registries, see the information on identity management in OpenEdge Getting Started: Core Business Services - Security and Auditing.
Note: Typically, both to better secure your database and to ensure that there is a meaningful auditing ID, you can select the Disallow Blank UserId option, also in the Database Options dialog box. This prevents a blank user ID from connecting to the database.
Instead of using the database connection ID, you can specify the OpenEdge session ID as the source for the auditing ID (regardless of the database connection ID setting), using the Data Administration tool or the character-mode Data Dictionary.
To specify the OpenEdge session ID as the source for the auditing ID, in the Database Options dialog box (accessed from the Admin menu), select the Use Application User Id for Auditing option.
When you select this option, OpenEdge uses the OpenEdge session ID (regardless of how it is set) as the auditing ID for the configured database. For more information on setting the auditing ID in your application code, see Assertingthe auditing identity. You typically set the OpenEdge session ID from a user ID that you authenticate to an external authentication system and validate to a corresponding authentication domain entry in the application trusted domain registry.
You can also achieve the same effect of having the auditing ID set from the OpenEdge session ID, by setting another database option, Trust Application Domain Registry. With this option set, when you assert an externally authenticated user ID as the OpenEdge session ID this also asserts the database connection ID using the same user ID, which by default is the auditing ID.
For more information on the database connection ID and the OpenEdge session ID, see ApplicationSecurity .
The following section provides more information on how you can set the auditing ID in your application, depending on the user identity you use as its source.