GAM Permissions exist within the scope of GAM Applications and are assigned to Roles and to GAM Users in the Repository.
The permission level a user has at runtime depends on the Permission Access Type.
There are some permissions which are Automatic Permissions generated by GeneXus and there are Permissions Created by the User. The first can be checked automatically at runtime, and both can be managed programmatically.
Below, each of these cases are detailed.
The code to check these permissions is included in the generated code, and the user only declares (through Permission Prefix Property) which is the permission which is going to be checked. In fact, he doesn't need to program anything, just to declare the permissions required to execute the object.
The permissions which are checked automatically at runtime are the Automatic Permissions generated by GeneXus.
GeneXus generates automatic permissions when the user specifies the following:
An automatic permission is a unit which can be checked automatically by each object, and the generated code incorporates the decision of allowing the user to access this object or forbid the access to it. It's important to mention that this check is done previous to Start Event.
In case of Automatic Permissions, GeneXus generates the permissions in F5 and checks in run time (when the object is going to be executed) if the user has the permission or if he has a role where the permissions are not denied.
1. Define a Web Panel named "SampleWebpanel". Permission Prefix Property is set automatically to "SampleWebpanel" value. In this case, the Web Panel has the Integrated Security Level property set with "Authorization" value.
2. After pressing F5, the Launchpad Tool Window will be opened, select the GAMHome Web Panel and log in with the GAM username and password to access to the GAM Backoffice.
Once in the GAM Backoffice, go to the "Applications" section, select your application and click on the "Edit" button.
Once there, you need to click on the "MORE OPTIONS" dynamic combo box and select the "Permissions" option to see all the permissions associated with your application. The permission named Samplewebpanel_Execute is shown:
After this, only users who have a role where this permission is allowed can execute "SampleWebpanel". The GeneXus user only declared the permissions needed to execute the object, he didn't program it in his code.
When permissions are checked programmatically, the object does not need to have Integrated Security Level set to "Authorization", but "Authentication" value is enough. Besides, Require Access Permissions Application Property has to be set.
The permissions which are checked programmatically can be Automatic Permissions generated by GeneXus or Permissions created by the user.
The way to check permissions in runtime is by executing Checkpermission method of GAMRepository Object.
GAM - Automatic Permissions generated by GeneXus
Permission Prefix property
GAM - Full Control Permissions and inheritance
Update GAM User Permissions
Get GAM User Permissions
Update GAM Application Permissions