Sets or reads the values of the USER-ID attribute (user name) and DOMAIN-NAME attribute separated by the '@' domain delimiter. This value represents a fully qualified user identity that you can use to establish identity in ABL sessions or database connections using the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function. This user ID is then used to authorize such actions as accessing resources (run-time permissions checking) and providing an auditing identity, among other things. For a multi-tenant database connection, the user's identity also establishes the user's database tenant organization.
Data type: CHARACTER
Access: Readable/Writeable
Applies to: Client-principal object handle
You can write a character expression to this attribute using one of the formats in the following table, where user-name is a specified value for the USER-ID attribute and domain-name is a specified value for the DOMAIN-NAME attribute.
This format... | Writes... |
---|---|
"" | The blank user in the blank domain |
"@" | The blank user in the blank domain |
"@domain-name" | The blank user in the specified domain |
"user-name" | The specified user in the blank domain |
"user-name@" | The specified user in the blank domain |
"user-name@ domain-name" | The specified user in the specified domain |
When you read this attribute, it can return the values shown in the following table.
This value is returned... | For... |
---|---|
"" | The blank user in the blank domain |
"@domain-name" | The blank user in the specified domain |
"user-name" | The specified user in the blank domain |
"user-name@ domain-name" | The specified user in the specified domain |
Unknown value (?) | USER-ID or DOMAIN-NAME attributes that have not yet been set |
Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.
ABL also raises ERROR if you attempt to assign: