QUALIFIED-USER-ID attribute

Sets or reads the values of the USER-ID attribute (user name) and DOMAIN-NAME attribute separated by the '@' domain delimiter. This value represents a fully qualified user identity that you can use to establish identity in ABL sessions or database connections using the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function. This user ID is then used to authorize such actions as accessing resources (run-time permissions checking) and providing an auditing identity, among other things. For a multi-tenant database connection, the user's identity also establishes the user's database tenant organization.

Data type: CHARACTER

Access: Readable/Writeable

Applies to: Client-principal object handle

You can write a character expression to this attribute using one of the formats in the following table, where user-name is a specified value for the USER-ID attribute and domain-name is a specified value for the DOMAIN-NAME attribute.

Formats for assigning the QUALIFIED-USER-ID attribute
This format... Writes...
"" The blank user in the blank domain
"@" The blank user in the blank domain
"@domain-name" The blank user in the specified domain
"user-name" The specified user in the blank domain
"user-name@" The specified user in the blank domain
"user-name@ domain-name" The specified user in the specified domain

When you read this attribute, it can return the values shown in the following table.

Values returned when reading the QUALIFIED-USER-ID attribute
This value is returned... For...
"" The blank user in the blank domain
"@domain-name" The blank user in the specified domain
"user-name" The specified user in the blank domain
"user-name@ domain-name" The specified user in the specified domain
Unknown value (?) USER-ID or DOMAIN-NAME attributes that have not yet been set

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

ABL also raises ERROR if you attempt to assign:

See also

INITIALIZE( ) method, DOMAIN-NAME attribute, USER-ID attribute