Permissions Created by the User

Official Content
This documentation is valid for:

There are two types of Permissions:

In the case of Automatic Permissions (1), GeneXus generates the Permissions in F5; at runtime, it checks if the user has the permission, or if he has a role where the permission is allowed. This happens for those objects that have Integrated Security Level set to "Authorization". So, this property value has to be set for all the objects that are going to generate permissions which are checked at runtime.

This document focuses on Permissions created by the user (2).

When permissions are going to be created by the user and are used programmatically, the object does not need to have Integrated Security Level set to "Authorization" because "Authentication" is enough.  The only prerequisite is that the Requires Access Permissions option of the GAM Application is selected.

require access permissions salto

Figure 1. "Requires Access Permissions" Repository Property


The following is an example where a permission is defined using the GAM Web Backoffice.
First, edit the GAM Permissions of the application:

GAM permissions salto

Next, click to add a GAM Permission to the Application:

 Add GAM permission salto

The Permission definition can include, optionally, a resource (any object of the KB with URL access).

 Permission definition  salto

The resource parameters can only be constant values.

Note: The association of a resource with a permission is done only for the purpose of defining a Menu.

This permission is not checked at runtime when this resource is run.

Afterwards, you can define a role including this permission (with the corresponding Permission Access Type), or just assign this permission to a user.

The following code can be included in any object, which asks if the permission is among the permissions granted to the logged-in user:

&isAuthorized = GAMRepository.CheckPermission("BookCopy")
if &isAuthorized
  //Do something
  //Do Anything else

Note that there's no need to set the Integrated Security Level property to "Authorization", and that "Authentication" is enough.

See Also

GAM - Authorization Scenarios
Restricted access to GAM Backend
GAM - Permissions