There are two types of Permissions:
In the case of Automatic Permissions GeneXus generates the Permissions in F5; at runtime, it checks if the user has the permission, or if he has a role where the permission is allowed. This happens for those objects that have Integrated Security Level set to "Authorization". So, this property value has to be set for all the objects that are going to generate permissions which are checked at runtime.
This document focuses on Permissions created by the user.
When permissions are going to be created by the user and are used programmatically, the object does not need to have Integrated Security Level set to "Authorization" because "Authentication" is enough. The only prerequisite is that the Requires Access Permissions option of the GAM Application is selected.
The following is an example where a permission is defined using the GAM Web Backoffice.
First, edit the GAM Permissions of the application:
Next, click to add a GAM Permission to the Application:
Define the permission named "PrintDetail" using the GAM Backend.
Go to WW Applications, select the corresponding application and add to it the permission "PrintDetail", specifying the desired Default Permission Access Type.
You can define a role including this permission (with the corresponding Permission Access Type), or just assign this permission to a user.
Go to the Roles secction and edit Role1 to assign a Permission to it.
Click on "MORE OPTIONS" button and then Click on Permissions.
Then select the application, in this case: "Dashboard", click on the "ADD" button.
Select the Permission you want to assign to the role and click on "ADD SELECTED" button.
The following code can be included in any object, which asks if the permission is among the permissions granted to the logged-in user:
&isAuthorized = GAMRepository.CheckPermission("BookCopy")
//Do Anything else
Note that there's no need to set the Integrated Security Level
property to "Authorization", and that "Authentication" is enough.
GAM - Authorization Scenarios
Restricted access to GAM Backoffice
GAM - Permissions