GAM provides an API that allows you to handle data types and methods to add security (Authentication and Authorization) to GeneXus applications (both Web applications and Native Mobile applications).
So, when you enable GAM in a Knowledge Base (by setting the Enable Integrated Security property to True), certain external objects are imported to allow interaction with the GAM API. External objects are the way to access the GAM API and are distributed in a module called GeneXusSecurity.
The domains are distributed in the GeneXusSecurityCommon module.
GAMUser, GAMRepository, GAMPermission, GAMApplication, and GAMError are the names of some of the external objects.
External objects have properties and methods; in particular, they implement the same methods as a Business Component, as follows:
If you change any properties in the GAM objects, you need to call the save() method and run the Commit command.
GAM objects also have other methods implemented to create, update, or delete objects (see the AddPermission method in the example below). With these methods, the Commit command has to be used after the method is successfully executed. The only GAM methods that execute an implicit Commit are those related to the login, and they run on a new logical work unit (LWU). See SAC 31253.
If you are going to make changes in both ways (from a property and using a method) and need to cancel both changes—when an error occurs—you need to control it programmatically.
&PermissionAdd.GUID = &Id
&PermissionAdd.Type = &Access
&isOK = &GAMRole.AddPermission(&PermissionAdd, &Errors)
If not &isOK
For &Error in &Errors
Msg(Format(!"%1 (GAM%2)", &Error.Message, &Error.Code))
As explained before, the GAM API provides methods to extend the functionality of security mechanisms. You can read the GAM Examples that offer a wide range of use cases solved. After enabling GAM in your KB, you can import these examples manually (they are present in GAM_Web-Administration.xpz, found in <GeneXus Installation>\Library\GAM).
GAM - Activation Process