Try OpenEdge Now
skip to main content
Getting Started
Administering OpenEdge Management and OpenEdge Explorer : Configuring user authentication : Understanding OEAG authentication in OpenEdge Management : Accessing OpenEdge Management resources
 
Accessing OpenEdge Management resources
OpenEdge Management performs authentication and authorization checks for every call made to each resource by a client. The client can be a web browser or Progress Developer Studio for OpenEdge (PDSOE) via HTTP. Once the user authentication is successful, specific permission is required to access a resource and perform an action on that resource such as starting a server or changing a property.
Note: Progress Developer Studio for OpenEdge (PDSOE) uses basic HTTP authentication to authenticate requests to OpenEdge Management. OpenEdge Management does not cache authentication credentials. When using PDSOE as a client for OpenEdge Management that is configured to use OEAG authentication, a PDSOE authentication request to OpenEdge Management results in sending the request to the OEAG server. This set up is not considered efficient.
If you are an administrator, you can configure user permissions based on the role of the user in OpenEdge Management. OpenEdge Management provides the following roles with default configuration:
*PSCAdmin — This role has full permissions within OpenEdge Management.
*PSCOper — This role has limited permissions which can further be modified by an administrator.
*PSCTrend — This role has permissions to access very few resources that are required to provide remote trending operations via HTTP call from one OpenEdge Management installation to another.
In property-file based authentication, the property-file in the OpenEdge Management installation directory stores and assigns the role information to a user. When you enable OEAG authentication in OpenEdge Management, instead of a property-file, the authentication token returned by the OEAG server assigns the role information to a user.
To perform authentication and authorization checks, OpenEdge Management retrieves the user role information from the authentication token returned by the OEAG server. If the user role information contains one of the roles supported by OpenEdge Management, the authentication request will be successful allowing the user to log into the management console.