When a user's domain is available for access control
- Last Updated: March 30, 2020
- 2 minute read
- OpenEdge
- Version 12.2
- Documentation
The name of a use's domain is available for authorization purposes depending on the type of database client, the type of access, and whether the database is multi-tenant or non-multi-tenant (non-tenant). In general, authorization to access a multi-tenant database is always controlled using a fully qualified user ID, including the domain name. However, authorization to access a non-tenant database is always controlled using only the user name—non-qualified user ID without the domain name—even if the user has been authenticated in a specified domain using a fully qualified user ID.
The following table shows more specifically for what database client and what type of access you can use a fully qualified user ID or only the user name to control access to database resources, where user@domain represents a fully qualified user ID and user-name represents non-qualified user ID.
| This database client type... | For database utility access uses... | For tenant data access uses... | For view access uses... | For table access uses... | For field/column access uses... |
|---|---|---|---|---|---|
| Database command-line utilities |
user@domain |
user@domain |
– |
user@domain |
– |
| ABL non-tenant | – | – | – | user-name | user-name |
| ABL multi-tenant | – |
user@domain |
– |
user@domain |
user@domain |
| SQL non-tenant | – | – | user-name | user-name | user-name |
| SQL multi-tenant | – |
user@domain |
user@domain |
user@domain |
user@domain |
Access to restricted database command-line utilities is granted to two user roles:
- ABL Security Administrator
- SQL DBA
In general, an ABL Security Administrator is granted access to:
- Restricted database command-line utilities
- Restricted ABL database configuration API's and classes
- Management of auditing roles
- Management of table and field time permissions checking at compile time or run time
- Restricted meta-schema tables, such as
_User,_File,_Db, and so on
An ABL Database Administrator must take all these access permissions into account when determining what users they assign to the Security Administrator role.
An SQL DBA is granted access to:
- Restricted database command-line utilities
- Management of security for views, tables and fields
All of the database client types perform run-time authorization to tenant data, and always use a fully-qualified user ID to do this type of access control.