In general, only GAM Repository administrators will be able to execute the GAM Web Backoffice.
The restriction that only allows authorized users to access the GAM Backoffice is automatically implemented; the necessary code is automatically included in the backend objects, as we'll see in this document.
First, set the GAM - Examples Integrated Security Level property to "Authentication". The master page used checks that the user has a role that will allow him to access the GAM Backoffice objects.
To confirm that, edit the "GAMMasterpage" object (it's the Master Page object of "GamHome" Web Panel, which is the entry point of GAM Backoffice) and take a look at the code in the Start Event:
So, the CheckRoleByExternalId method of the GAMUser object is used to check for the "is_gam_administrator" Role External Id.
By default, the Administrator role (created automatically) has this Role External Id. The Role External Id for the Administrator role is updated in the GAM Applications registration (and in the initialization of the GAM metadata).
Note that in previous versions, the CheckPermission method was used to check if the user had access to the GAM Backoffice. In that case, the Require Access Permissions Application Property was required to be activated.
Now, this property isn't required because roles are checked and not permissions.