Recents
GAM Security PoliciesOfficial Content

The following are some of the properties grouped by GeneXus Access Manager Security Policies (GAMSecurityPolicy GAM object):

A GAM User can be assigned a security policy, as well as GAM Roles can be assigned a security policy also. Besides, a default security policy can be set for the GAM Repository.

The GAM security policies can be defined using GAM Web Backoffice, or programmatically using the GAM API. Using GAM Web Backoffice the interface to add or update a security policy looks like the following figure:

GamSecurityPolicy

Figure 1. Interface to add or update Security Policies#

The decision on which security policy will be assigned to a user in runtime depends on the following precedence:

  1. The security policy associated to the user.#

Each GAM user can have one security policy associated to him, or none.

Using GAM Web Backoffice go to WW Users, and edit the user properties (as shown in figure 2) to change his security policy.

SecurityPolicyofUser

Figure 2.#

Programmatically you can get the security policy of the user with SecurityPolicyId property of GAMUser object.

&User.Load(&UserId) //&User is GAMUser object, &UserId is GAMGUID data type
&SecurityPolicyId   = &User.SecurityPolicyId //&SecurityPolicyId is GAMKeyNumShort data type.

  2. If the user has no Security Policy associated, the Security Policy associated to the Main Role of the user.#

If the user has no security policy, the policy taken in runtime will be the one associated to his Main Role. See GAM: Main Role of a user for more information.
By editing the user properties in WW Users, you can see his main role (it's the only one which has no possibility to be set as Main Role).

SecurityPolicyofMainRoleofUser2

Figure 3. Main Role of the User, in this example it's "Role1". #

By editing the role's properties, you can see the security policy of the role (which can be "none").

SecurityPolicyofMainRoleofUser1

Figure 4. Security Policy assigned to a role#

You can get the security policy of the role with SecurityPolicyId property of GAMRole object.

&Role.Load(&Id)//&Role is GAMRole, &Id is GAMKeyNumLong
&SecPolId = &Role.SecurityPolicyId //&SecPolId is GAMKeyNumShort data type

  3. If none of the previous, the default security policy of the Repository.#

If the user has no security policy assigned, neither a main role, the security policy taken is the Default Security Policy of the Repository.

SecurityPolicyofRepository

Figure 5. Default Security Policy of the Repository

The property DefaultSecurityPolicyId of GAMRepository object tells the default security policy of the repository.

&Repository.Load(&Id) //&Repository is GAMRepository, &Id is GAMKeyNumLong data type
&DefaultSecurityPolicyId  = &Repository.DefaultSecurityPolicyId //&DefaultSecurityPolicyId is GAMKeyNumShort data type

See Also#

GAM Roles
GAM Permissions
Security Session Management in Applications using GAM


 



 

Was this page helpful?
What Is This?
Your feedback about this content is important. Let us know what you think.