Try OpenEdge Now
skip to main content
Identity Management
Configuring and Implementing Authorization in OpenEdge : Tenant data access
 

Tenant data access

Both models allow you to control data access for tenant and super-tenant identities based on a user's domain. For SQL, this is determined by a combination of domain membership, domain tenancy, and the role or roles that are granted. For example, a regular-tenant user in one domain can grant privileges only to another user in the same domain. However, an SQL user who is granted the DBA role can grant privileges to users in any domain, and therefore with any tenant identity.The actual granting and revoking of SQL roles and privileges is done for tenant data access using lists of fully qualified user ID's.
In ABL, a single ACL can deny or grant a table or field access privilege to all users of a domain or to specific users of a domain, and therefore to specified users with a given tenant identity, and this access (as for all data access) must be configured by a user who is a security administrator. For some examples, see Table 9.