OpenEdge provides the option of identifying the user making a change within a Change Tracking Table record.

The user's identity is stored in the _User-Name field of the _Cdc-Change-Tracking table. There is no schema change.

The user's identity is set to one of the following options:

  • None — Does not record any user identity.
  • Database — Records the user's identity based on the database connection used by the user.
  • Application — Records the user's identity based on the application session used by the user.

Configure the recording of the user's identity with OpenEdge Management or with a program authorized and written to manipulate the _Db-Option table. For details on configuring the user's identity with OpenEdge Management, see Configuring CDC user identity using OpenEdge Management.

Configuration information

When configuring the CDC User Identity, the following restrictions apply:

  • If at least one Security Administrator exists, then only a Security Administrator can change the user identity recorded in the Auditing and CDC Change Tracking tables.
  • If no Security Administrator exists, only users with appropriate access to the _Db-Option table can change the user identity recorded in Auditing or CDC Change Tracking tables.
  • The Security Administrator, or user with _Db-Option access, can request any of the following options for how the user identity is recorded in the Change Tracking Table:
    • None (this is the default behavior).
    • The user identity with no domain information (shortened user identity), for example user1.
    • The user identity with the domain information (fully qualified user identity), for example user1@companydomain.
      Note: This is provided implicitly and cannot be overridden if the database is enabled for multi-tenancy.

    Where optional, the reporting of a shortened or fully qualified user identity is database wide. However, when both Auditing and CDC are enabled, you cannot configure the user identity as separate options for each feature.

    For Auditing and CDC, the interactions are as follows:
    • Auditing does not need to be enabled to specify the qualification of the CDC user identity reported.
    • CDC does not need to be enabled to specify the qualification of the Auditing user identity reported.
    • However, either Auditing or CDC must already be enabled to specify this option at all.

Changing Identity

Although the changes to the CDC identity can be made online, the change only takes effect at the next occurrence of a SETUSERID() / SECURITY-POLICY:SET-CLIENT() / SET-DB-CLIENT() implicit or explicit action. This behavior is consistent with auditing.

If application session identity is requested, and the application has not set application session identity for the client connection, then the database connection identity is recorded.

Related Information

For more information user identity, see:

  • The Application Security section of OpenEdge Programming Interfaces.
  • The Audit Security section of Learn about Security and Auditing.
  • The Configuring and Implementing Authentication in OpenEdge section of Learn about Identity Management.