Release 10.1A: OpenEdge Development:
Progress Dynamics Basic Development
Security user types
User types are the who of the security system. The Progress Dynamics framework provides a built-in mechanism for defining several user types. Security user types are authorized application users (users), abstract users (profile users), and groups of such users (groups).
The types are explained below:
- User — An individual authorized to use your application.
- User profile (retained for backward compatibility) — A preset security definition that can be applied to any number of users as a base security definition for that user. You can modify the security definitions of actual application users that have a profile applied. Changes made to the actual user do not alter the associated profile or alter the security definition of other users with that profile. If you change the user profile, existing users associated with it do not automatically inherit the changes. You control the propagation of security allocations to the profile users. The functionality of user groups has been largely replaced in the new security model by groups.
- Group — A collection of users and other groups aggregated to efficiently assign common security definitions. For example, you can use a group to represent the users who have the role of application administrators. Thus, you can alter the security definition of all administrators by altering the security definition of the group. Dynamics security groups are not hierarchical. For example, suppose a new employee is part of the Trainee group, which does not allow access to customer information, but the new employee is also a member of the Executive group, which does allow this access. In this case of direct conflict between two settings for the exact same access right, the security system grants the user the least restrictive access rights it finds associated with the user. There is no notion of rights defined in one group overriding rights defined in another group.
Group security allocations are inherited by users at session startup, but they are not physically duplicated under each user. This is different from user profiles. Because of this difference, you do not need to take any further action after making a change to group security to have it affect all appropriate users.
Notes: You can use security groups to consolidate other security groups. If a security group does not have any security definitions of its own, Progress Dynamics does not include it in security checks. This approach minimizes overhead and maximizes performance. Once a group has one or more security definitions, Progress Dynamics includes the group in its security checking.
When allocating security at the user level, the Security Control tool displays a radio set allowing the administrator to turn security on or off for the particular user. Security assigned in this way always overrides security allocations at the group level.
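The resolution rules described above (least restrictive setting wins between groups, groups with no definitions are skipped, user-level allocations override group allocations) can be modelled to audit what a user effectively receives. The Python model below is an added example, not Progress Dynamics code. The class and function names, the `includes` representation of a group that consolidates other groups, and the default for a right that has no allocation at all are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    allocations: dict = field(default_factory=dict)  # right -> True (allowed) / False (denied)
    # Assumption: a user assigned to this group also receives the
    # allocations of the groups it consolidates, listed here.
    includes: list = field(default_factory=list)

@dataclass
class User:
    groups: list = field(default_factory=list)
    overrides: dict = field(default_factory=dict)  # user-level allocations

def groups_checked(user, groups):
    """Groups that take part in checks: reachable and holding >= 1 definition."""
    seen, stack = set(), list(user.groups)
    while stack:
        name = stack.pop()
        if name in seen:
            continue  # guards against cyclic includes
        seen.add(name)
        stack.extend(groups[name].includes)
    return sorted(n for n in seen if groups[n].allocations)

def effective_access(user, right, groups, default=True):
    """Return (allowed, source) for one right; `default` is an assumption."""
    if right in user.overrides:  # user level always overrides groups
        return user.overrides[right], "user"
    votes = {n: groups[n].allocations[right]
             for n in groups_checked(user, groups)
             if right in groups[n].allocations}
    if not votes:
        return default, "default"
    if any(votes.values()):  # least restrictive setting wins
        granting = sorted(n for n, v in votes.items() if v)
        return True, "group:" + ",".join(granting)
    return False, "group:" + ",".join(sorted(votes))

# Constructed sample data based on the Trainee/Executive example above.
GROUPS = {
    "Trainee": Group({"customer-info": False}),
    "Executive": Group({"customer-info": True}),
    "AllStaff": Group(includes=["Trainee"]),  # no definitions of its own
}
new_hire = User(groups=["Trainee", "Executive"])
locked = User(groups=["Trainee", "Executive"], overrides={"customer-info": False})
staff = User(groups=["AllStaff"])
```

The `source` value names which allocation decided the outcome, which helps when reviewing memberships: adding a user to one permissive group is enough to undo a denial set in every other group, and only a user-level allocation reverses that.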
Copyright © 2005 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095