Permission Prefix property

Indicates the prefix to be used when generating permissions automatically for the Application to which the object belongs.

Scope

Objects: Transaction, Business Component, Procedure, Data Provider, Web Panel, Web Component, Work With, Dashboard, Query, API
Generators: .NET, .NET Framework, Android, Apple, Java

Description

This property is valid in applications where Authorization is going to be checked automatically using GAM. That is to say, the Enable Integrated Security property is set to "True", and the Integrated Security Level property is set to "Authorization".

The property's default value is the name of the object. You can replace it with any string that follows the syntax for GeneXus object names.

It is available at object level in these particular cases:

• Web objects with URL access (Web Panel, Transactions, Web Components with their URL access property set to Yes).
• REST Web Services (Procedures, Business Components, Data Providers).
• HTTP Procedures (Main Procedures with Call protocol property = HTTP).
• Reporting objects: Dashboard and Query.
• API objects.
• Work With objects.
• Panel objects.

In the case of Transactions, a set of permissions is created in the GAM Repository. They are named as follows:

• <prefix>_FullControl
• <prefix>_Execute
• <prefix>_Insert
• <prefix>_Update
• <prefix>_Delete

The "<prefix>_FullControl" permission groups all permissions: See Full Control Permissions for details.

The "<prefix>_Execute" permission enables you to display the data of the Transaction (display mode).

The other permissions execute an action over the Transaction (Insert, Update, or Delete).

In the case of Business Components exposed as a service, the following permissions are created in the GAM Repository:

• <prefix>_Services.FullControl
• <prefix>_Services_Execute (reads the data, which implies a GET HTTP over the REST service).
• <prefix>_Services_Insert (implies a PUT HTTP over the REST service).
• <prefix>_Services_Update (implies a POST HTTP over the REST service).
• <prefix>_Services_Delete (implies a DELETE HTTP over the REST service).

In the case of Web Panels, Query, and Dashboard objects, the following permission is created in the GAM Repository:

• <prefix>_Execute

In the case of APIs, the following permissions are created in the GAM Repository:

• <prefix>_Services_FullControl
• <prefix>_Services_<Method>

Note: The permissions of the API object methods can be redefined with the SecurityPermission annotation. 

This property can also be used to group different objects so that all the objects that have the same prefix (i.e. "xxx") will have the same permission names in the GAM Repository (xxx_insert , xxx_update, etc.). Thus, the roles to which the xxx_insert , xxx_update permissions are assigned will be able to execute all the objects with the Permission Prefix property = "xxx".

At runtime, these permissions will be checked automatically when the objects are executed.

Runtime/Design time

This property applies only at design time.

How to apply changes

See Also

GAM - Automatic Permissions generated by GeneXus
GAM - Permissions Created by the User
Integrated Security Level property
Not Authorized Object for Web property
GAM - Permissions
GAM - Authorization Scenarios
HowTo: Define an API object with a security scheme