About role-based user authentication
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
For user authentication, the PAS for OpenEdge comes configured for use with
Tomcat MemoryRealm. The MemoryRealm accesses user
authentication information stored in instance-name/conf/tomcat-users.xml. Replace the
MemoryRealm with a different type of realm such as JDBC or LDAP in
a production instance. You can have multiple realms of different types configured at the
same time.
PAS for OpenEdge retains the roles defined in the default Tomcat
MemoryRealm, but PAS for OpenEdge also includes a new set of roles
that include the Tomcat roles. The following table lists the new roles and the existing
Tomcat roles they map to, if any:
| PAS for OpenEdge role | Includes Tomcat Manager and Host Manager roles | Description |
|---|---|---|
ROLE_PSCAdmin |
|
Unrestricted administration access.
|
ROLE_PSCOper |
|
Restricted operator administration access. The Tomcat roles allow access to the text interfaces of the Host Manager and Manager applications as well as the status pages in the Manager application. |
ROLE_PSCUser |
none |
Non-priviliged access |
ROLE_PSCNone |
none |
No access, for user account authorization testing |
MemoryRealm, that realm must have the roles listed in the table
above.PAS for OpenEdge comes with three default test accounts configured in instance-name/conf/tomcat-users.xml:
| Username | Password | Roles |
|---|---|---|
tomcat |
|
ROLE_PSCAdmin, ROLE_PSCOper,
ROLE_PSCUser Note: Replace the
ROLE_PSCUser in production. |
tcuser1 |
|
ROLE_PSCUser
Note: Remove the ROLE_PSCUser in
production. |
tcuser2 |
|
ROLE_PSCNone
Note: Remove the ROLE_PSCNone in
production. |
instance-name/conf/tomcat-users.xml is shown
in the following
example:<user username="tomcat" password="tomcat"
roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser"/>