OpenEdge Management performs authentication and authorization checks for every call made to each resource by a client. The client can be a web browser or Progress Developer Studio for OpenEdge using HTTP. After the user authentication is successful, specific permission is required to access a resource and perform an action on that resource such as starting a server or changing a property.
Note: Progress Developer Studio uses basic HTTP authentication to authenticate requests to OpenEdge Management. OpenEdge Management does not cache authentication credentials. When using Progress Developer Studio as a client for OpenEdge Management that is configured to use OpenEdge Authentication Gateway authentication, a Progress Developer Studio authentication request to OpenEdge Management results in sending the request to the OpenEdge Authentication Gateway server. This set up is not considered efficient.
If you are an administrator, you can configure user permissions based on the role of the user in OpenEdge Management. OpenEdge Management provides the following roles with default configuration:
  • PSCAdmin—This role has full permissions within OpenEdge Management.
  • PSCOper—This role has limited permissions which can further be modified by an administrator.
  • PSCTrend—This role has permissions to access very few resources that are required to provide remote trending operations via HTTP call from one OpenEdge Management installation to another.

In property-file based authentication, the property-file in the OpenEdge Management installation directory stores and assigns the role information to a user. When you enable OpenEdge Authentication Gateway authentication in OpenEdge Management, instead of a property-file, the authentication token returned by the OpenEdge Authentication Gateway server assigns the role information to a user.

To perform authentication and authorization checks, OpenEdge Management retrieves the user role information from the authentication token returned by the OpenEdge Authentication Gateway server. If the user role information contains one of the roles supported by OpenEdge Management, the authentication request will be successful allowing the user to log into the management console.