The model design of GeneXus Access Manager (GAM) enables you to connect to multiple Repositories to solve many scenarios where only one GAM Repository wouldn't be enough.
This document describes the case of a multiple repository Scenario (the same application installation is shared by many companies).
It's the case of a multitenant application where a single instance of the software runs on a server, serving multiple client organizations (tenants).
In this case, each Repository will have its own administrator users, and the information of one Repository is not accessible from the others.
To ensure that the Repositories are not related, you have to set a different Repository Namespace for each of them.
Because there is only one WEB Application involved, there's only one Application Id for this GAM Application. So, all the Repositories will have the same WEB GAM Application defined.
Also, the following is fulfilled:
- If the application is deployed in the same web app for all companies, the connection.gam file under the virtual directory (or under the web-inf directory in the webapp in Java) has a connection key associated with N entries in the SysConnectionConfig table, each pointing to different GAM Repository Connections.
- The application.gam file under the virtual directory (or under the web-inf directory in the webapp in Java) references the Application Id that corresponds to the application's KB.
1. Create a GAM Repository for each company, and specify a different Repository Namespace for each company.
Note: When the gam admin manages all the repositories, see Howto: Managing repositories using gamadmin user.
2. Use the GAM Deploy Tool to import the Application, and GAM Permissions from one Repository to another. Note that you can initialize the Repository using other methods like the one explained in HowTo: Creating New Repositories from a GAM deploy tool package.
Each Repository will have its administrator user who is in charge of creating users, roles, permissions, and security policies.
3. Create the connection.gam using GAMDeployTool; see GAMDeployTool:Creating connection.gam file.
If a web application is deployed for each company, each web application will have its own connection.gam file including the connection key associated with the GAM Repository Connection to the corresponding Repository. In this case, there's no need to do any special programming to connect to the GAM Repository.
If the executables are shared by all the companies, the connection.gam file includes the connection key associated with all the GAM Repository Connections. In this case, you need to set the corresponding GAM Repository Connection programmatically. See HowTo: Get and Set GAM Repository Connections for detailed information on this topic.