OpenEdge user IDs

The form of the user ID required for OpenEdge user authentication depends on the account system where a user's identity is defined and the configuration of OpenEdge security domains in connected OpenEdge databases. The form of the user ID used for various security functions in an OpenEdge database also depends on whether the database is a non-multi-tenant database or a multi-tenant database.

OpenEdge user IDs are defined as either non-qualified or fully qualified. A non-qualified user ID contains only a user name and no domain name. A fully qualified user ID contains both a user name and a domain name separated by the '@' character (also referred to as the domain delimiter). Whether OpenEdge requires a non-qualified or fully qualified user ID depends on the database configuration and the security function where it is used.

In general, the exact character set, length, and case sensitivity of a user ID depend on the account system where the user ID is defined. The non-qualified user ID (user name) defined in the _User table accounts of an OpenEdge database can be a string of up to 32 characters. Like table names, these OpenEdge internal user IDs must begin with a character from a-z or from A-Z. The user name can consist of:

  • Alphabetic characters
  • Digits
  • Special characters except the following: # ! @ , *

OpenEdge internal user IDs are not case sensitive: They can be uppercase, lowercase, or any combination of these. You can establish user IDs in a database through the various OpenEdge database administration tools (see Establish an OpenEdge user ID and password.) You can also define a blank user ID, written as the empty string, "". OpenEdge also uses the blank user ID as a default user ID when none is provided for certain database connection situations.

An OpenEdge domain name can be a non-empty, case-insensitive string with maximum length of 64 characters from the following restricted character set:

  • a to z
  • A to Z
  • 0 to 9
  • Any of the following seven special characters:
# $ % & - _ .

OpenEdge also defines a blank ("") domain name that you can configure in various ways. OpenEdge uses this blank domain when a user does not specify a domain with their user ID. For more information on using user IDs, user names, and domain names, see OpenEdge Getting Started: Identity Management.

Note: In the OpenEdge Data Dictionary and Data Administration tool, the fields to enter users in the _User table accounts are labeled assuming one form of user ID—the non-qualified user ID. The purpose of the User ID field is to enter this non-qualified value. You enter the domain name for a fully qualified user ID in a separate Domain Name field. There is also a User Name field displayed in these tools. However, this is not for the user name that you enter to define a non-qualified user ID, but is meant to hold an informative name, such as the first and last names of the individual who owns the specified user identity.
CAUTION: When you first create a database, all users (including the blank user) have security administrator privileges. Configure and test user authentication for the users whom you intend to identify as security administrators before you change the Security Administrator list; this will allow you to log in and not be locked out of the database. You should also define the security administrator roles before you change the default table and field permissions of the database. After you define the first non-blank user in the _User table accounts, the blank user no longer has security administrator privileges for all subsequent connections to the database. If you have not defined at least one non-blank user as a security administrator, you will not be able to modify the security functions of the database and can lock yourself out of the database as a result.