SETUSERID function

Authenticates a user identity for a specified database connection, verifying that the user ID and password supplied to the SETUSERID function match a user account in the _User table of the database. (This restriction does not apply to authentication with an STS-enabled database. See notes below for more information.) If they match, the database connection is set to the specified user identity and the function returns a TRUE value. If the database is multi-tenant, is also sets the user's tenancy.

If the user ID is not in the _User table or the password is incorrect, SETUSERID returns a FALSE value and does not assign the user identity to the database connection. You can also check the ERROR-STATUS system handle for any messages returned.

Note:

Using this function overrides user identity previously set for the database connection by either the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function.

This function authenticates user identities only against user accounts defined in the _User table of a connected OpenEdge RDBMS. To authenticate against additional OpenEdge-supported and application-defined authentication systems, use the SET-CLIENT( ) method or the SET-DB-CLIENT function, instead.

Syntax

SETUSERID ( userid , password [ , logical-dbname] )
userid

A literal value, field name, variable name, or expression that results in a character value that represents the user's user ID. If you use a literal value, you must enclose it in quotation marks ("").

If the user is defined in a non-default domain, this value must be a fully qualified user ID, including both the non-qualified user ID and domain separated by a domain delimiter (@). If the user is defined in the default (blank) domain, only a non-qualified user ID (without a domain delimiter) must be specified. For more information on specifying a fully qualified user ID, see the reference entry for the QUALIFIED-USER-ID attribute.

Note: The default blank domain provides backward compatibility with OpenEdge releases that do not support domains as part of a user's identity.
password

A literal value, field name, variable name, or other character expression that results in a character value that represents the user's password. If you use a literal value, you must enclose it in quotation marks ("").

Alternatively, you can encrypt the password using the ENCRYPT-AUDIT-MAC-KEY( ) method. For more information, see the documentation on encrypted passwords in OpenEdge Development: Programming Interfaces.

logical-dbname
The logical name of the database on whose connection you want to check and set the user identity. The logical database name must be a character string enclosed in quotes, or a character expression. If you do not specify this argument, the compiler inserts the name of the database that is connected when the procedure is compiled. If you omit this argument and more than one database is connected, ABL raises an error.

Notes

See also

Client-principal object handle, CONNECT statement, ENCRYPT-AUDIT-MAC-KEY( ) method, SET-CLIENT( ) method, SET-DB-CLIENT function, USERID function