Release 10.1A: OpenEdge Getting Started:
Core Business Services

Authorization

Authorization grants or denies an entity access to capabilities based on the entity’s validated identity. Thus, an authorization service acts, based on the results of the authentication service, to authorize a user access to restricted application features and data. Two common authorization mechanisms are permissions and user roles. Permissions associate users with capabilities. Once authenticated, a given user automatically inherits the associated capabilities. User roles are predefined (or assignable) user categories that permit access to well-defined capabilities. For example, a security administrator role might allow any user who is a member of that role to manage user accounts and all other security functions in an application.

In OpenEdge, authorization is supported using permissions in the Progress 4GL for compile-time features and run-time functions to match users against capabilities defined in the OpenEdge RDBMS. OpenEdge supports authorization based on user roles for managing the Web Services Adapter (WSA). For more information on OpenEdge support for authorization, see Chapter 2, " Security in OpenEdge."