Run applications in a multi-tenant database environment
- Last Updated: February 9, 2023
- OpenEdge
- Version 13.0
The primary requirements to run an application against a multi-tenant database are to configure one or more tenants in the database and to configure at least one domain per tenant to which application users can authenticate when they log in to your application. For a converted multi-tenant database, an existing application requires only the default tenant to execute as originally designed. You typically add regular tenants to expand the application to run with totally separate sets of users, again with little or no change to the application code.
If you already have domains defined in a multi-tenant database in order to sign on users using a client-principal object, and you configure each of these existing domains with a tenant, your application might work without any further changes depending on how you initialize attributes of the client-principal. Assuming these attributes are set correctly, existing calls to the SET-DB-CLIENT function or the SET-CLIENT( ) method (on the SECURITY-POLICY system handle) will set the tenant identity along with the user identity of any multi-tenant database connection.
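The following ABL sketch is an added example, not Progress sample code: it signs a user on with a domain-qualified client-principal and then checks which tenant the connection actually received. The logical database name, user, domain, and tenant names are hypothetical, and the example assumes the domain is assigned to a tenant and enabled for an authentication system that OpenEdge performs itself (such as the _User table accounts).

```abl
/* Added example. Assumes a connected multi-tenant database with logical name
   "tenantdb" and a domain "acme" that is assigned to tenant "AcmeTenant"
   (all names hypothetical). */
DEFINE VARIABLE hCP        AS HANDLE    NO-UNDO.
DEFINE VARIABLE lOk        AS LOGICAL   NO-UNDO.
DEFINE VARIABLE cDb        AS CHARACTER NO-UNDO INITIAL "tenantdb".
DEFINE VARIABLE cUser      AS CHARACTER NO-UNDO INITIAL "jsmith".
DEFINE VARIABLE cDomain    AS CHARACTER NO-UNDO INITIAL "acme".
DEFINE VARIABLE cPassword  AS CHARACTER NO-UNDO. /* collected at login, never hard-coded */
DEFINE VARIABLE cExpTenant AS CHARACTER NO-UNDO INITIAL "AcmeTenant".

CREATE CLIENT-PRINCIPAL hCP.

/* The domain part of the qualified user ID is what ties the user to a tenant. */
hCP:INITIALIZE(cUser + "@" + cDomain, GUID(GENERATE-UUID), ?, cPassword).

/* The client-principal is unsealed, so OpenEdge authenticates it against the
   domain's authentication system and, on success, sets both the user and the
   tenant identity of the connection. */
lOk = SET-DB-CLIENT(hCP, cDb) NO-ERROR.

IF ERROR-STATUS:ERROR OR NOT lOk THEN DO:
    MESSAGE "Login rejected for" cUser + "@" + cDomain
            ERROR-STATUS:GET-MESSAGE(1).
    DELETE OBJECT hCP.
    RETURN ERROR.
END.

/* Verify the tenant identity instead of assuming it: a domain mapped to the
   wrong tenant would otherwise expose another tenant's data to this user. */
IF TENANT-NAME(cDb) <> cExpTenant THEN DO:
    MESSAGE "Unexpected tenant" TENANT-NAME(cDb) "for domain" cDomain.
    DELETE OBJECT hCP.
    RETURN ERROR.
END.

MESSAGE "Connected as" cUser + "@" + cDomain "in tenant" TENANT-NAME(cDb).
DELETE OBJECT hCP.
```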
If your user login procedure relies entirely on the User ID (-U) connection parameter to authenticate database access (at startup or using the CONNECT statement), your application might also work without any further changes, as long as you ensure that users provide a user ID that includes their assigned user name and domain name in the form user-name@domain-name, and that the domain is configured for an authentication system (such as the _User table accounts) to which OpenEdge can authenticate database connections. The main thing is to ensure that your application sets database connection identity in a manner that authenticates users with a tenant identity defined in your database.
You can design a number of different approaches (authentication models) to manage user access to OpenEdge databases. For more information on authenticating users with or without a tenant identity, see Learn about Identity Management.
To aid in troubleshooting the management of database user IDs that control access to tenant data, you can enable tenant logging for the Progress Application Server (PAS) for OpenEdge. See Tenancy logging for more detail. Note that enabling tenant logging does not replace OpenEdge auditing for recording which user ID performed database transactions.