Establishing ABL session identity

Programming Interfaces

Data Management : Application Security : Authenticating and managing user identity in ABL : Establishing ABL session identity

An ABL session identity can serve a variety of functions, including as a:

Single session-wide and database-independent identity for authorizing application-defined features

Single session-wide database connection identity for all database connections in an ABL session (see Establishing database connection identity )

As a session-wide auditing identity (see Establishingauditing identity)

Single application-wide identity for all ABL sessions and database connections in a multi-tier application (see Establishing and managing identity for multi-tier applications)

If you do not explicitly set it, the ABL session identity is undefined, with the client-principal handle value returned by the SECURITY-POLICY:GET-CLIENT( ) method set to the Unknown value (?). You can also clear an existing ABL session identity, which resets the effective session identity to the unknown identity.

To set an ABL session identity, you must build a session domain registry for the session at run time in order to assert and validate an authenticated user identity as a valid ABL session identity for SSO, and optionally as a database connection identity. For more information, see Setting up and using domain registries.

In this section:

Setting the ABL session identity