QUALIFIED-USER-ID attribute

Sets or reads the values of the USER-ID attribute (user name) and DOMAIN-NAME attribute separated by the '@' domain delimiter. This value represents a fully qualified user identity that you can use to establish identity in ABL sessions or database connections using the SECURITY-POLICY:SET-CLIENT( ) method or the SET-DB-CLIENT function. This user ID is then used to authorize such actions as accessing resources (run-time permissions checking) and providing an auditing identity, among other things. For a multi-tenant database connection, the user’s identity also establishes the user’s database tenant organization.

Data type:

CHARACTER

Access:

Readable/Writeable

Applies to:

Client-principal object handle

You can write a character expression to this attribute using one of the formats in Table 94, where user-name is a specified value for the USER-ID attribute and domain-name is a specified value for the DOMAIN-NAME attribute.

 

Table 94:

Formats for assigning the QUALIFIED-USER-ID attribute

This format...	Writes...
""	The blank user in the blank domain
"@"	The blank user in the blank domain
"@domain-name"	The blank user in the specified domain
"user-name"	The specified user in the blank domain
"user-name@"	The specified user in the blank domain
"user-name@domain-name"	The specified user in the specified domain

When you read this attribute, it can return the values shown in Table 95.

 

Table 95:

Values returned when reading the QUALIFIED-USER-ID attribute

This value is returned...	For...
""	The blank user in the blank domain
"@domain-name"	The blank user in the specified domain
"user-name"	The specified user in the blank domain
"user-name@domain-name"	The specified user in the specified domain
Unknown value (?)	USER-ID or DOMAIN-NAME attributes that have not yet been set

Once the client-principal object is sealed, this attribute is read-only, and attempting to write to it raises a run-time error.

ABL also raises ERROR if you attempt to assign:

The Unknown value (?)

Any character expression that does not conform to the allowable qualified user ID forms shown in Table 94

A character expression when the client-principal object is sealed and in the LOGIN, LOGOUT, EXPIRED, or FAILED state (see the LOGIN-STATE attribute entry)

See also:

INITIALIZE( ) method, DOMAIN-NAME attribute, USER-ID attribute