Authorization grants or denies access to protected resources based on the established user identity. Thus, an authorization system acts, based on the results of the authentication system, to authorize access to restricted application features and data. Permissions describe what actions a user identity or role can perform on a protected resource. User roles allow multiple user identities to comprise a group that shares the same permissions to protected resources. Once authenticated, a given user identity automatically inherits the permissions associated with the identity and any user role (or roles) to which it is assigned. For example, a security administrator role might allow any user who is assigned that role to manage user accounts and all other security functions in an application.

In OpenEdge, authorization using permissions is supported in ABL (Advanced Business Language) to match users against capabilities defined in the OpenEdge RDBMS, both at compile-time and run-time. OpenEdge also supports a different model of authorization based on privileges for SQL database clients. OpenEdge supports user roles in the OpenEdge RDBMS, in auditing, in the Web Services Adapter (WSA), and in OpenEdge Explorer and OpenEdge Management. For more information on OpenEdge support for authorization, see Security in OpenEdge OpenEdge Getting Started: Identity Management.