GAM users are stored in User GeneXus Access Manager (GAM) Database table.
The information of the credentials stored in User table depends on the Authentication Types used in GAM.
In case of Local Authentication Type the credentials of the user are stored in GAM User table, and this is the only case in which they are accessible by GAM. In case of External Authentication Type, Twitter Authentication Type, Google Authentication Type or Facebook Authentication Type the credentials of the user belong to the external identity providers.
Depending on the model design of the application, the information of the user can reside entirely in the GAM User table or can be in any table of the application, in which case you need to map the information so as GAM can solve the security issues despite the user information is located in a table outside of GAM. See HowTo: Map Application Users to GAM Users for details on this topic.
A user is identified by a GUID in User GAM Table. Besides, "User Namespace (UserNameSpace) \ Authentication Type (UserAuthTypeName) \User Name (UserName)" is a Candidate Key.
When created, the user takes the Repository Namespace where he is defined.
Users can be referenced by other properties, like their name, login, or nickname, as explained here: HowTo: Reference GAM users using the GAM API.
Despite the Database being case sensitive, GAM does not support case sensitivity for the username. If you try to insert a user named "Jhon" (capital letters) and another user whose username is "jhon" already exists, an error will be thrown: Username already exist. (GAM49).
A user can be logically deleted, using the delete method:
&GAMUser.Load(&GAMGUID)
if &GAMUser.Success()
&GAMUser.delete()
endif
endif
To undelete the user, use the corresponding method:
&GAMUser.Load(&GAMGUID)
if &GAMUser.Success()
&isOK = &GAMUser.UnDelete(&GAMErrors)
if &IsOK
commit
else
//Display GAM Errors
endif
endif
Another option is to physically delete the user (the user and all its relations are removed from the Database):
&GAMUser.Load(&GAMGUID)
if &GAMUser.Success()
&isOK = &GAMUser.PhysicalDelete(&GAMErrors)
if &isOK
commit
else
//Process GAM Errors
endif
endif
Read about How to revoke tokens from external IDPs.
The GAMUser external object (imported when GAM is activated or updated) is used to manage the GAM Users in the application.
It is part of the GAM API and allows handling properties and performing different actions on the users.
Some examples of how to use the GAM API to manage user relations are detailed in the following links:
See the GAM - Examples distributed, in particular the GAMExampleWWUsers and GAMExampleEntryUser objects to get more examples.
The User table structure allows storing UserFirstName, UserLastName, UserBirthday, UserGender, UserPhone, etc. If you need to store other information than the information provided by the User table structure, you can extend the User table properties using an approach based on OAV : see Extensibility of GAM entity properties and HowTo: GAM User table extensibility - multivalued attributes.
When GAM is activated for the first time (Enable Integrated Security property is set to TRUE), the user "admin" is created for prototyping purposes. You can login using "admin" in the GAM Backoffice in order to start working, and afterwards create new users for your application. See GAM - Getting Started for more details.
GAM Deploy Tool - Import Users
HowTo: Filter data by user using the GAM API