Table of contents


Official Content

There are two types of Permissions:

In the case of Automatic Permissions GeneXus generates the Permissions in F5; at runtime, it checks if the user has the permission, or if he has a role where the permission is allowed. This happens for those objects that have Integrated Security Level set to "Authorization". So, this property value has to be set for all the objects that are going to generate permissions which are checked at runtime.

This document focuses on Permissions created by the user.

When permissions are going to be created by the user and are used programmatically, the object does not need to have Integrated Security Level set to "Authorization" because "Authentication" is enough.  The only prerequisite is that the Requires Access Permissions option of the GAM Application is selected.

GAM - require access permissions v18

Sample

The following is an example where a permission is defined using the GAM Web Backoffice.
First, edit the GAM Permissions of the application:

GAM - Application permissions - v18

Next, click to add a GAM Permission to the Application:

GAM - Dashboard permission applications - v18

Define the permission named "PrintDetail" using the GAM Backend.
Go to WW Applications, select the corresponding application and add to it the permission "PrintDetail", specifying the desired Default Permission Access Type. 

GAM - Create Permissions to application - v18

Define a Permission to a Role

You can define a role including this permission (with the corresponding Permission Access Type), or just assign this permission to a user.

Go to the Roles secction and edit Role1 to assign a Permission to it.

GAM - Edit role 1 - V18

Click on "MORE OPTIONS" button and then Click on Permissions.

GAM - Edit a permission to a role1 - v18

Then select the application, in this case: "Dashboard", click on the "ADD" button.

GAM - Edit a permission to a role - v18

Select the Permission you want to assign to the role and click on "ADD SELECTED" button.

GAM - Select permissions to a role in application - v18

The following code can be included in any object, which asks if the permission is among the permissions granted to the logged-in user:

&isAuthorized = GAMRepository.CheckPermission("BookCopy")
if &isAuthorized
  //Do something
else
  //Do Anything else
endif
Note that there's no need to set the Integrated Security Level property to "Authorization", and that "Authentication" is enough.

See Also

GAM - Authorization Scenarios
Restricted access to GAM Backoffice
GAM - Permissions

 
Last update: February 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant