A GAM database can allocate more than one Repository. In fact, there are always at least two Repositories in a GAM database.
The "GAM Manager Repository" always exists. This is where administrator users of all repositories are defined.
The default administrator user of "GAM Manager Repository" (created when the GAM metadata is initialized), is "gamadmin", whose password is "gamadmin123" by default.
This is the default user (created in GAM metadata initialization) of the GAM Manager Repository. This user's password has to be changed when going into production.
You can define new users in the GAM Manager Repository (as many as you want).
The purpose of the "gamadmin" user is to do the following tasks:
When the actions detailed above are discarded, the gamadmin user isn't allowed by default to perform any action in other repositories (such as listing the users of the repository). So, the end user is compelled to log into that repository to execute those actions.
In a multitenant scenario where the gamadmin user creates new repositories, he may need to perform any of the actions that he isn't allowed to execute as gamadmin in a new repository. In these cases, when the user sets a connection to the repository, and tries to execute any API to the new connection, the login is shown.
To avoid logging in again, use the following method to enable the gamadmin user in the repository created.
(Boolean) GAM.RepositoryUserEnable(Numeric: RepositoryId,GAMUser: GAMUser, Numeric: AdministratorRoleId, GAMErrors Errors)
Consider the following:
- This method can only be executed in a GAM Manager session, and the GAMUser specified must be gamadmin.
- The parameter AdministratorRoleId indicates the Id of the administrator role, so the gamadmin user will be enabled in the repository using that role.
The user has to be enabled in a repository where an Application has already been created.
Otherwise, it will throw an error: Application GUID RepId:x - AppGUID:y unidentified. Please contact the application administrator. (GAM174)
The following method allows disabling the user of the repository.
(Boolean) GAM.RepositoryUserDisable(Numeric: RepositoryId,GAMUser: GAMUser, Numeric: AdministratorRoleId, GAMErrors Errors)
In sum, the gamadmin user can also be enabled in other repositories (different from the GAM Manager repository). This allows the user to perform actions in the repository as if he were an administrator of that repository. The main purpose is to avoid forcing the user to log into the repository after setting the new connection.
Take a look at the GAMExampleRepositoryEntry object, where the following code is included after creating a new repository, enabling the gamadmin user to that repository.
&RepositoryNew = GAMRepository.GetByGUID(&GUID, &Errors) //&Errors is GAMError collection.
&GAMUser = GAMUser.Get()
&isOK = GAM.RepositoryUserEnable(&RepositoryNew.Id, &GAMUser, &AdministratorRoleId, &Errors)
Afterwards, the user can change the working repository (set the connection to that repository), and he won't be asked to log into that repository when he tries to perform any GAM API action.
HowTo: Connecting to GAM Manager Repository