OpenEdge applications can use two basic types of user authorization: application authorization, which prevents unauthorized ABL application authenticated users from running application procedures and using other types of application resources, and database authorization, which prevents unauthorized ABL application authenticated users from modifying database tables and fields. (When a database is initially created, every user is a security administrator.) Application authorization always functions at run time using developer-defined privileges.

OpenEdge provides four types of database authorization: compile-time authorization ensures that only authorized users can compile procedures that access protected tables and fields at compile time; run-time authorization ensures that only OpenEdge authorized users can access database tables and fields when any ABL session (.p or .r) runs; connection authorization ensures that only OpenEdge authenticated users can connect to an OpenEdge database; and security authorization ensures that only authorized security administrators can manage table and field permissions or the records contained in certain security-related meta-schema tables.

OpenEdge also relies on security mechanisms at the operating system level to ensure that only authorized users access r-code, procedure libraries, and database files.

For information about establishing and maintaining connection security, schema security, and database file security, see Manage the OpenEdge Database. In addition to the security features described here, OpenEdge supports secure connections between ABL (Advanced Business Language) client and server components on the network using the Transport Layer Security (TLS). For more information, see Learn about Security and Auditing.

This set of topics provides details about user authorization, database authorization, and other security features in the following sections: