OpenEdge supports two basic authorization models, both of which rely on different types of access control lists (ACLs):
SQL model — Where all access to database resources is denied by default and must be granted to a user identity as a privilege using a GRANT statement. This privilege can later be revoked using a REVOKE statement. For more information on the SQL model, see OpenEdge Data Management: SQL Development and OpenEdge Data Management: SQL Reference.
ABL model — Where all access to database resources is granted by default, and must be specifically limited in order to deny access to particular tables and fields. These access controls can be configured by editing table and field permissions in data security using the database administration tools. These permissions can control access to a database through:
Database command-line utilities
Database administration tools
ABL clients
You can also manually control access to ABL application features using the CAN-DO function by checking a given user ID against permissions that are similar to those used to control access to tables and fields.
SQL model — Where all access to database resources is denied by default and must be granted to a user identity as a privilege using a GRANT statement. This privilege can later be revoked using a REVOKE statement. For more information on the SQL model, see OpenEdge Data Management: SQL Development and OpenEdge Data Management: SQL Reference.