Release 10.1A: OpenEdge Getting Started:
Core Business Services

Asserting user IDs individually or in synchronization

You can decide whether the asserted user ID will be the same for the application and each database connection. There are two basic models that you can use:

A single user ID that applies to the entire application and all the database connections.

In this case, a single copy of registry information is used by all the domain registries; a 4GL database client application uses the same user ID for access control to both the application resources and the database data.

To do this, the application domain registry must be configured within the Progress session and each database’s registry (or databases’ registries) must be configured to use the Progress session’s domain registry to validate client-principal objects. Within the Data Administration tool, the option must be set for the database to trust the application registry.

When the database trusts the application domain registry, the database connection trusts and uses that registry for validating application user IDs wanting to access the database. If the option to trust the application domain registry is not set in Data Administration, the registry information is obtained from the database’s internal tables.

When the database connection attempts to validate a client-principal, whether passed explicitly through the SET-DB-CLIENT function or implicitly through the
SET-CLIENT( ) method, it will use the contents of the application’s registry to perform the validation on the client-principal.

The SET-DB-CLIENT function and the SETUSERID function always override any database connection ID set through the SET-CLIENT( ) method.

Multiple user authentication where the user identity for the application and each database connection can be set individually.

To do this, each database registry must be configured (within Data Administration) with the domains that can be trusted. Optionally, the Progress session’s domain registry may be configured for use in independently validating user IDs at the 4GL application level.

The configuration process is more complex with this option, in which applications use more than one user ID; the user ID used to access the database is not the same one used to control access from within the application. You can configure the application domain registry and each database connection to use its own registry.