An ABL database is an open system. ABL clients encounter no security restrictions when accessing a newly created OpenEdge database. However, a database administrator can begin to restrict access by using the Data Administration tool, OpenEdge Management, or OpenEdge Explorer to add certain users as security administrators. A security administrator can limit access to the database's tables, fields, and _User table accounts. A database administrator can create these users in the database _User table accounts or in any other user account systems that OpenEdge supports.

Note that OpenEdge-supported user accounts can, with appropriate permissions, access an OpenEdge database through either the ABL or SQL security systems; however, ABL user accounts with a SQL only designation prevent ABL clients from using the account to access the database. The mechanisms that each security system uses to restrict access to the database by these user accounts differs.

ABL (unlike SQL) also has the concept of a default user that can connect to and access any OpenEdge database simply by not using the connection options to specify a user ID and password. This default user has a blank ("") user name in no particular domain, and has no real physical account defined anywhere. Without additional security measures, this default user has unfettered access to the database. By defining specific, non-blank users as Security Administrators, this prevents the default user, itself, from acting as a Security Administrator.

The Security Administrator can further enhance ABL security by assigning user permissions (including permissions on the default user) to define actions that may be taken on specific database objects. Again, ABL permissions can be assigned through the Data Administration tool, OpenEdge Management, or OpenEdge Explorer. For information on using the Data Administration tool, see Manage the OpenEdge Database. For information on using OpenEdge Explorer and OpenEdge Management, see Introduction to OpenEdge Management. From this point forward in this document, Database Administration refers to all three of these tools.

Any security permissions that a Security Administrator defines for users through Database Administration apply only to users accessing the database through an ABL client. (A SQL DBA cannot administer ABL security.) If users are able to access a database through both SQL and ABL clients, then DBAs should ensure that equivalent security models are developed for both clients.