ABL supports several mechanisms to authenticate and set a given user identity for one or more database connections and ABL sessions.

Some mechanisms (the SET-DB-CLIENT function and SET-CLIENT( ) method on the SECURITY-POLICY system handle) take an unsealed client-principal object that you can create and initialize with user credentials in order for OpenEdge to authenticate the user identity. Then, using the same mechanisms in an SSO operation with the sealed client-principal, you might later authenticate the identity to other existing database connections and ABL sessions. These mechanisms are the only way to set the identity for a multi-tenant database connection, and the SET-CLIENT( ) method is the only mechanism available to set an ABL session identity.

Other mechanisms (like the User ID (-U)/Password (-P) connection parameters and the SETUSERID function) take user credentials directly as input for OpenEdge to authenticate and set the identity for new or existing database connections. Successful authentication using these direct authentication mechanisms automatically creates a sealed client-principal object that you can return to set the same identity for additional resources (ABL sessions and database connections) in your application.

For more information on authenticating and setting user identities, see Authenticating and setting user identity.