The majority of modern applications need some scheme of authentication/authorization. To cover these aspects, GeneXus provides a mechanism (called GeneXus Access Manager) to offer a single, centralized scheme with everything related to application authentication and authorization.
The GeneXus Access Manager (GAM) provides APIs to manage all the security issues concerning an application. Therefore, the security module of any application (web applications and smart device applications) is provided by GAM. Also, security controls are automatically performed by configuring Enable Integrated Security property.
GAM is based on the Role Based Access Control (RBAC) model.
It provides a GAM API with the implementation of all the functionalities related to security issues: user administration (registration, authentication, password administration, security policies), roles, etc.
It has its own database, logically independent from the database application, even though they can both be physically the same (with different table schemes).
End users (administrator users) can manage users and security policies through the GAM Web Backoffice.
GAM executes the reorganization in the database using csharp, so when MySQL is used you need to install ADO client for Mysql (32 bit libmysql.dll is required).
The same happens with Oracle or any other DBMS; since the reorganization is done using csharp, you need the corresponding ADO client to connect to the DBMS.
At development time, 32-bit drivers are needed because it is a GeneXus IDE requirement.
If the GAM datastore is different from MySQL or SQL Server, a setup is launched from the GeneXus IDE to install the GAM platform corresponding to the selected DBMS. See GAM platforms for more information. The setup is distributed so as to run it in standalone mode, under <GeneXus>\Library\GAM\Setup folder.
In web applications, GAM uses the web session to store user session data. As in any other web application, when load balancing environments are used, the servers need to persist the session (or use server affinity) so that the web session is available to the workers that respond to the request.