GAM Repository

The GAM Repository is a GeneXus Access Manager entity that supports an architecture where a single instance of the application runs on a server and serves multiple tenants. In this scenario, these tenants should use the same GAM database and different GAM Repositories within the GAM database. This is called a multitenant application. It provides every tenant with a dedicated set of GAM Roles, GAM Applications and GAM Security Policies.

The purpose of this document is to explain in more detail the GAM Repository structure.

The GAM Repository consists of:

The following is a simplified ER diagram of some of the GAM entities mentioned above:

applications-permissions relation GAM
Figure 1. Relationship of the different components in the GAM structure

(1) GAM Applications group GAM Permissions within a Repository.

(2)  A set of GAM Permissions falls within the scope of only one Application and one Repository.
Therefore, GAM Applications can be associated to n GAM Permissions, and GAM Permissions are determined by one Application in a Repository. 

(3) A Role is defined within a Repository. 
GAM Roles are associated to Permissions and Permissions can be used in many Roles.

(4) GAM Users is a strong entity, defined by a GUID as Primary Key. GAM Users can be enabled in one or more GAM Repositories, provided that the Repository Namespace is equal to the GAM User namespace. Repositories which have the same Namespace are grouped in some "logical" way; for instance, they are Repositories of the same company.

In light of all this, one possible scenario is to define a User who is enabled in different Repositories and has different Roles in each of them. Another scenario is a Multi-tenant application where one Repository is defined for each Company. See GAM Multiple Repositories Scenarios for details.

The concatenation of  "Authentication Type" +  "User Namespace"  + " User Name" is a Candidate Key of the GAM User entity. As mentioned before, the User Namespace is the same as the Namespace of the Repository where he is defined.

(5) GAM Authentication Types are within the scope of a Repository.

(6) GAM Security Policies are within the scope of a Repository.

See Also

GAM API: How to reference GAM users
GAM Repository features and properties
GAM Multiple Repositories Scenarios