Authorization is the process of using a user's security token to control access to resources and the operations they can perform on those resources. These operations, including access to data, are typically controlled by a set of access controls associated with the user's identity. These access controls implement the authorization model used to regulate user access.
SQL — A default closed model that prevents all access to databases, tables, fields, and views unless a specified access privilege is explicitly granted to a user. OpenEdge SQL clients follow this model.
ABL — A default open model that grants all access to databases, tables, and fields unless an access permission is explicitly restricted from a user. All ABL sessions and database utilities follow this model.
For both models, the access privileges or permissions are set based on the user ID stored in the user's security token (see Specifying a user ID for OpenEdge authentication). For a non-multi-tenant database, only a non-qualified user ID (user name only) is recognized. For a multi-tenant database, a fully-qualified user ID (including the user and domain name) is both recognized and required. In the SQL model, to authorize privileges for a given user, you must specify the user's complete user ID, or a list of complete user IDs for more than one user. In the ABL model, to authorize permissions, you can specify lists of user ID patterns that can include wild-card and other characters that identify the access permissions for one or more users.
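The practical difference between the two models, as an added example that is not OpenEdge code: a simplified Python model of each decision rule and of the user ID forms described above. The `user@domain` separator, the shell-style `*` patterns, and all table and user names are assumptions made for illustration; the real ABL permission syntax may differ.

```python
from fnmatch import fnmatchcase

# Constructed sample data (not from any real database).
# SQL-style: explicit grants keyed by (resource, privilege) -> complete user IDs.
GRANTS = {("Customer", "SELECT"): {"alice@sales"}}
# ABL-style: restrictions keyed by (resource, operation) -> user ID patterns.
RESTRICTIONS = {("Customer", "read"): ["*@contractors"]}


def recognized_form(user_id: str, multi_tenant: bool) -> bool:
    """Multi-tenant: user and domain both required. Otherwise: user name only.
    Assumes '@' separates user name and domain."""
    name, sep, domain = user_id.partition("@")
    if multi_tenant:
        return bool(name and sep and domain)
    return bool(name) and not sep


def sql_allows(grants, user_id, resource, privilege) -> bool:
    """Default closed: allow only when an explicit grant lists the exact,
    complete user ID. No pattern matching is performed."""
    return user_id in grants.get((resource, privilege), set())


def abl_allows(restrictions, user_id, resource, operation) -> bool:
    """Default open: allow unless a restriction pattern matches the user ID.
    A resource with no restriction entry is open to every user."""
    patterns = restrictions.get((resource, operation), [])
    return not any(fnmatchcase(user_id, p) for p in patterns)


def exposure_of_new_table(user_id: str) -> dict:
    """What each model decides for a table nobody has configured yet."""
    return {
        "sql": sql_allows(GRANTS, user_id, "Order", "SELECT"),
        "abl": abl_allows(RESTRICTIONS, user_id, "Order", "read"),
    }


if __name__ == "__main__":
    print(exposure_of_new_table("eve@contractors"))
```

The `Order` case is the one to review in an audit: under the closed model an unconfigured table is inaccessible, while under the open model it is accessible to every user until a restriction is added.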
This section provides an overview of OpenEdge authorization components that are common to both of its authorization models, including tenant and role authorization. For a more detailed overview of how to configure and implement authorization for both models, see Configuring and Implementing Authentication in OpenEdge.