Release 10.1A: OpenEdge Getting Started:
Core Business Services


Managing user identity

Managing user identity includes, among other things, the processes of authentication and authorization. Authentication is the process of verifying a user’s identity, and authorization is the determination of what data the authenticated user can access and/or which actions and operations the user can perform.

In addition to authentication and authorization of a user, identity management also includes how, where, and when you assert a user ID (in other words, how you use the user ID) once you authenticate it. Table 4–1 lists and describes each user ID type and purpose.

Table 4–1: OpenEdge user identities
Identity type: Database connection identity
Description:
A user ID that has been authenticated by the database connection. An OpenEdge RDBMS authorizes all database connections and access to specific database tables and fields using the database connection ID.
You can set the database connection ID from a user ID that is authenticated using either the OpenEdge internal authentication system (_User table) or an external authentication system. The Progress 4GL USERID function returns the current database connection ID for a database connection, regardless of how it is set.

Identity type: Progress session identity
Description:
A user ID that is associated with a given Progress 4GL session, independent of any database connections. The Progress session ID can be used to authorize or identify user access to application features in a database-independent fashion. These can be features that are entirely application-defined or that are supported specifically by OpenEdge, such as the auditing identity. You can set the Progress session ID from a user ID that is authenticated using an external authentication system.

Identity type: Application user identity
Description:
A common user ID established by an n-tier application for use by all Progress sessions that participate in handling a single user action or request.
Typically, the application user ID is shared between a single OpenEdge AppServer client and the AppServer agent or agents that process client requests. Depending on the application session model, this single application user ID can also be shared between a single Progress client session and multiple AppServer instances. Any given Progress session can use the application user ID to set the Progress session ID and any or all database connection IDs required by the session.
You can set the application user ID from a user ID that is provided by a single controlling (typically client) session and that is authenticated using an external authentication system.
For more information on n-tier applications, the OpenEdge AppServer, and application session models, see OpenEdge Getting Started: Application and Integration Services.

Identity type: Auditing identity
Description:
The designated user ID that OpenEdge auditing records in audit event records for an audit trail.
There is no functionally independent auditing ID. Instead, the auditing ID is set from one of the other established identities, depending on application configuration.
By default, the auditing ID for the audit trail recorded by a given database is the database connection ID for that database. However, you can also set a database option to set the auditing ID from the Progress session ID of any Progress session that connects to the database. In this way, you can configure auditing for every database that is connected from a given Progress session so that all audit trails for that session are associated with the same user ID.


Copyright © 2005 Progress Software Corporation