OpenEdge authorization

Authorization is the process of using a user's security token to control access to resources and the operations they can perform on those resources. These operations, including access to data, are typically controlled by a set of access controls associated with the user's identity. These access controls implement the authorization model used to regulate user access.
The OpenEdge RDBMS supports two different authorization models:
* SQL — A default closed model that prevents all access to databases, tables, fields, and views unless a specified access privilege is explicitly granted to a user. OpenEdge SQL clients follow this model.
* ABL — A default open model that grants all access to databases, tables, and fields unless an access permission is explicitly restricted from a user. All ABL sessions and database utilities follow this model.
For both models, the access privileges or permissions are set based on the user ID stored in the user's security token (see Specifying a user ID for OpenEdge authentication). For a non-multi-tenant database, only a non-qualified user ID (user name only) is recognized. For a multi-tenant database, a fully-qualified user ID (including the user and domain name) is both recognized and required. In the SQL model, to authorize privileges for a given user, you must specify the user's complete user ID, or a list of complete user IDs for more than one user. In the ABL model, to authorize permissions, you can specify lists of user ID patterns that can include wild-card and other characters that identify the access permissions for one or more users.
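The following added example is a simplified Python model of the two defaults described above; it is not OpenEdge code or an OpenEdge API. The function names, sample data, and pattern syntax (`*` as a wild card, a leading `!` to deny, first matching pattern decides, no match on an existing list means no access) are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data; tables, user IDs and pattern syntax are assumptions.
SQL_GRANTS = {("PUB.Customer", "SELECT"): {"jsmith@acme"}}   # complete user IDs only
ABL_PERMS = {("Customer", "read"): ["!guest*", "*@acme"]}    # ordered pattern list


def normalize_user_id(user, domain, multi_tenant):
    """Multi-tenant: user@domain is required. Otherwise only the user name is recognized."""
    if multi_tenant:
        if not domain:
            raise ValueError("multi-tenant database requires a fully-qualified user ID")
        return f"{user}@{domain}"
    return user


def sql_allowed(user_id, table, privilege):
    """Closed model: deny unless this exact user ID was explicitly granted the privilege."""
    return user_id in SQL_GRANTS.get((table, privilege), set())


def abl_allowed(user_id, table, operation):
    """Open model: allow unless a permission list exists and restricts this user."""
    patterns = ABL_PERMS.get((table, operation))
    if patterns is None:
        return True                      # nothing restricted, so access is open
    for pattern in patterns:             # assumed: first matching pattern decides
        deny = pattern.startswith("!")
        if fnmatchcase(user_id, pattern.lstrip("!")):
            return not deny
    return False                         # assumed: list exists, user not on it


if __name__ == "__main__":
    uid = normalize_user_id("jsmith", "acme", multi_tenant=True)
    # Same user, same unconfigured table: the two models give opposite answers.
    print("SQL, PUB.Order:", sql_allowed(uid, "PUB.Order", "SELECT"))   # closed default
    print("ABL, Order:    ", abl_allowed(uid, "Order", "read"))         # open default
    print("ABL, guest:    ", abl_allowed("guest1@acme", "Customer", "read"))
```

The practical consequence for a review is that a table with no explicit configuration is unreachable through SQL but fully reachable through ABL, so each new table needs its ABL permissions checked.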
This section provides an overview of OpenEdge authorization components that are common to both of its authorization models, including tenant and role authorization. For a more detailed overview of how to configure and implement authorization for both models, see Configuring and Implementing Authentication in OpenEdge.
* Tenant authorization
* Role-based authorization