Try OpenEdge Now
skip to main content
Identity Management
Configuring and Implementing Authentication in OpenEdge : Defining and configuring security domains : Identifying the tenant to which a domain belongs
 

Identifying the tenant to which a domain belongs

In a non-multi-tenant database, there is no tenant to identify, as a non-multi-tenant database has only a single tenancy that all users share. In a multi-tenant database, you must identify a tenant for every domain that you configure. Any tenant you identify in a domain configuration must already be configured in the database. Initially, a multi-tenant database has one default regular tenant pre-configured with the name, "Default". There are no super tenants configured in a database unless you create them.
In essence, tenancy provides authorization for a user to access data that is owned by a regular tenant or effectively owned by a super tenant. A user with regular-tenant authorization accesses only the tenant's own data in multi-tenant tables, as well as all the data in tables shared by all tenants. A user with super-tenant authorization can potentially access all the data in all tables, similar to a real tenant. However a super-tenant user's data access capabilities also depends on their ABL user permissions or SQL user privileges settings for table and field access, exactly any regular-tenant user.
In addition, through table and field permissions set on a domain, you can create a regular-tenant or super-tenant authorization pass with specific data access permissions for the configured tenant. You can also create as many domains for a single tenant as you need to provide the variety of data access controls that you require for the tenancy. For more information on multi-tenancy, see OpenEdge Getting Started: Multi-tenancy Overview. For more information on configuring tenants, see documentation on multi-tenant database configuration using the Database Administration Console. For more information on setting access permissions on domains, see Configuring and Implementing Authentication in OpenEdge.
In any case, by providing the name of a tenant in a domain configuration, all users that are members of this domain assume the configured tenancy when their user identity is authenticated for a connection to this multi-tenant database.
Note: Because the domain configuration for each multi-tenant database specifies the regular or super tenant through which a user accesses the database, when a given user identity is authenticated for a different database, the name of its regular or super tenant can also be different.