OpenEdge Development:<br />Programming Interfaces Managing identities

OpenEdge supports different types of user identities for different purposes. Depending on how you authenticate and set a user ID, and the database options you configure, that user ID can assume one of four possible identities:

Database connection identity — A database connection ID is a user ID that is always associated with a specific connected OpenEdge RDBMS. An OpenEdge RDBMS authorizes all database connections and access specific database tables and fields using the database connection ID. You can set the database connection ID from a user ID that is authenticated using either the OpenEdge internal authentication system (_User table) or using an external authentication system. The Progress 4GL USERID function returns the current database connection ID for a database connection, regardless of how it is set.

Progress session identity — A Progress session ID is a user ID that is associated with a given Progress 4GL session, independent of any database connections. The Progress session ID can thus be used to authorize or identify user access to application features in a database-independent fashion. These can be features that are entirely application defined or that are supported specifically by OpenEdge, such as the auditing identity (see next bullet). You can set the Progress session ID from a user ID that is authenticated using an external authentication system.

Application user identity — An application user ID is a common user ID established by an n-tier application for use by all Progress sessions that participate in handling a single user action or request. Typically, the application user ID is shared between a single OpenEdge AppServer client and the AppServer agent or agents that process client requests. Depending on the application session model, this single application user ID can also be shared between a single Progress client session and multiple AppServer instances. Any given Progress session can use the application user ID to set the Progress session ID and any or all database connection IDs required by that session. You can set the application user ID from a user ID that is provided by a single controlling (typically client) session and that is authenticated using an external authentication system. For more information on n-tier applications, the OpenEdge AppServer, and application session models, see OpenEdge Getting Started: Application and Integration Services .

Auditing identity — An auditing ID is the designated user ID that OpenEdge auditing records in audit event records for an audit trail. There is no functionally independent auditing ID. Instead, the auditing ID is set from one of the other established identities, depending on application configuration. By default, the auditing ID for the audit trail recorded by a given database is the database connection ID for that database. However, you can also set a database option to set the auditing ID from the Progress session ID of any Progress session that connects to the database. In this way, you can configure auditing for every database that is connected from a given Progress session so that all audit trails for that session are associated with the same user ID. For more information on auditing identity, see OpenEdge Getting Started: Core Business Services .

In any given application, you might use none, some, or all of these user identities to secure or identify features and data. Also, the management of user identities can be more or less complex depending on whether your application is client/server or n-tier. The Progress 4GL provides tools to handle both.

The Progress 4GL also provides functions for creating and managing unique identities for software objects. OpenEdge creates its own unique identities, for example, for audit data and physical databases. You can also use these functions to generate unique identities for more abstract objects that you maintain, such as client sessions and other objects associated with your application.

The following sections describe how to establish and manage the identities supported in OpenEdge: