As part of using the OpenEdge Authentication Gateway, database connection role authorisation is added. This allows DBA's to restrict the set of users who may connect to a database at any given time.The feature is enabled via a record in the _db-options table of the database that is checked when the use of the gateway is enabled. A default role called _db.connection is used to grant individual users access to the database. No wildcard grants are used.

The stsconnroleutil utility provides a DBA the ability to control which user accounts are granted membership in a database's connection role from the operating system command line. The connection role is used to grant/revoke an individual user's right to either connect to their database, or be set as the connection's current user. Options include:
  • status
  • enable
  • disable
  • list
  • grantuser
  • grantfile
  • revokeuser
  • revokefile
The syntax of the specific commands is discussed in the sections that follow.