OpenEdge Development:<br />Programming Interfaces Progress 4GL for managing user identities

The 4GL for managing user identities consists of the elements shown in Table 2–1.

Table 2–1: Progress 4GL elements for managing user identities
This 4GL element...	Provides this identity management function...
`SETUSERID` function	Authenticates and sets a specified user ID as the database connection ID using the `_User` table of a connected OpenEdge RDBMS.
Client-principal object handle	Starts and maintains a client login session for a previously authenticated user ID. The client principal object contains various information about the login session, including information necessary to validate and set the user identity according to an appropriate trusted domain registry.¹,²
`CREATE` `CLIENT-PRINCIPAL` statement	Creates a client-principal object used to start and maintain a given client login session.
`SET-DB-CLIENT` function	Given a user ID provided with a specified client-principal object and a connected OpenEdge RDBMS, asserts and validates the user ID as a database connection ID for the connected database using a database trusted domain registry.¹
`SECURITY-POLICY` system handle	Provides methods for building an application trusted domain registry and for validating Progress session IDs against that registry to establish a default Progress session ID.²
`SET-CLIENT( )` method of the `SECURITY-POLICY` system handle	Given a user ID provided with a specified client-principal object, asserts and validates the user ID as a Progress session ID using the application trusted domain registry, and asserts and validates the same user ID as a database connection ID for any connected database that does not already have a database connection ID.²

¹Each OpenEdge RDBMS can have a trusted domain registry that you configure with information about each external authentication system (authentication domain) that you trust to authenticate and set user IDs as database connection IDs. The database can optionally trust the application trusted domain registry, instead, to set database connection IDs.

²Each Progress 4GL session can have an application trusted domain registry that you build at run time with information about each external authentication system (authentication domain) that you trust to authenticate and set user IDs as Progress session IDs, and optionally as database connection IDs.

The actual 4GL required for managing identities depends on your application security architecture, how you authenticate a given user ID, and the type of identity it is intended to assume. For more information on trusted domain registries and how they are used in OpenEdge, see the information on identity management in OpenEdge Getting Started: Core Business Services .