Try OpenEdge Now
skip to main content
Programming Interfaces
Data Management : Application Security : Authenticating and managing user identity in ABL : Authenticating and setting user identity : User ID (-U) and Password (-P) database connection parameters
 
User ID (-U) and Password (-P) database connection parameters
This is the minimum command-line syntax to connect a single database, where AVM-startup is an ABL client startup command (or executable), such as mpro (or prowin32), userid and password specify a user ID and passphrase (user account password), and physical-dbname identifies a database to be connected:

Syntax

AVM-startup -db physical-dbname -U userid -P password
This is the equivalent CONNECT statement syntax:

Syntax

CONNECT { physical-dbname "-U userid -P password" }|
        {"-db physical-dbname -U userid -P password" }
When provided on the AVM startup command line or in options of the CONNECT statement (see Databaseconnections), OpenEdge authenticates the specified user credentials to connect a particular OpenEdge database. If OpenEdge successfully authenticates the specified identity, along with creating the database connection with that identity, it creates and seals a client-principal object in the LOGIN state with the QUALIFIED-USER-ID and PRIMARY-PASSPHRASE attributes set from the input user credentials and all other properties and attributes of the object set to default values. Sealing the object with user credentials provided using the -U/-P connection parameters also generates an auditable event to start a user login session. Using either the command-line or the CONNECT statement, OpenEdge always authenticates the identity and seals the client-principal object using the local domain registry for the specified database.
Caution: If you connect an OpenEdge database without specifying -U/-P, OpenEdge automatically connects the database with a default OpenEdge identity and also creates and seals a client-principal with that default identity, gaining access to the database without authentication. However, you cannot use a client-principal sealed with a default identity in an SSO operation to assign the identity to a database connection or ABL session, because the domain access code used to seal the object is not available in any trusted domain registry used to validate the object identity. To ensure that a database connection started from the command line has an authenticated identity, you can require input of a user ID and password and authenticate them using one of the ABL elements that sets the identity for an established connection.