Multiple Repositories Scenario: The same application installation is shared by many companies

Official Content

The model design of GeneXus Access Manager (GAM) enables you to connect to multiple Repositories to solve many scenarios where only one GAM Repository wouldn't be enough.

In this document, we explain the case of a multiple - repositories Scenario (the same application installation is shared by many companies).

It's the case of a multitenant application, where a single instance of the software runs on a server, serving multiple client organizations (tenants).

In this case, each Repository will have its own administrator users and the information of one Repository is not accessible from the others.

To ensure that the Repositories are not related, you have to set a different Repository Namespace for each of them.

As there is only one WEB Application involved, there's only one Application Id for this GAM Application. So, all the Repositories will have the same WEB GAM Application defined.

Also, the following is fulfilled:

  • If the application is deployed in the same web app for all companies, the connection.gam file under the virtual directory (or under the web-inf directory in the webapp in case of Java) has n entries, each pointing to different GAM Repository Connections.
  • The application.gam file under the virtual directory (or under the web-inf directory in the webapp in case of Java) references the Application Id which corresponds to the KB of the application.

Configuration steps:

1. Create a GAM Repository for each company, and specify a different Repository Namespace for each company.

Note: In case that the gam admin manages all the repositories, see Howto: Managing repositories using gamadmin user.

2. Use the GAM Deploy Tool to import the Application, and GAM Permissions from one Repository to another. Note that you can initialize the Repository using other methods like the one explained in HowTo: Creating New Repositories from a GAM deploy tool package.
Each Repository will have its administrator user who is in charge of creating users, roles, permissions, and security policies.

3. Create the connection.gam using GAMDeployTool; see GAMDeployTool:Creating connection.gam file.

If a web application is deployed for each company, each web application will have its own connection.gam file including the GAM Repository Connection to the corresponding Repository. In this case, there's no need to do any special programming to connect to the GAM Repository.

If the executables are shared by all the companies, the connection.gam file will include all the GAM Repository Connections. In this case, you need to set the corresponding GAM Repository Connection programmatically. See HowTo: Get and Set GAM Repository Connections for detailed information on this topic. 

See also