QUALIFIED-USER-ID attribute

Sets or reads the values of the USER-ID attribute (user name) and DOMAIN-NAME attribute separated by the '@' domain delimiter. This value represents a fully qualified user identity that you can use to establish identity in ABL sessions or database connections using the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function. This user ID is then used to authorize such actions as accessing resources (run-time permissions checking) and providing an auditing identity, among other things. For a multi-tenant database connection, the user's identity also establishes the user's database tenant organization.

Data type: CHARACTER

Access: Readable/Writeable

Applies to: Client-principal object handle

You can write a character expression to this attribute using one of the formats in the following table, where user-name is a specified value for the USER-ID attribute and domain-name is a specified value for the DOMAIN-NAME attribute.

When you read this attribute, it can return the values shown in the following table.

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

ABL also raises ERROR if you attempt to assign:

• The Unknown value (?)
• Any character expression that does not conform to the allowable qualified user ID forms shown in Table 1
• A character expression when the client-principal object is sealed and in the LOGIN, LOGOUT, EXPIRED, or FAILED state (see the LOGIN-STATE attribute entry)

See also

INITIALIZE( ) method, DOMAIN-NAME attribute, USER-ID attribute