Image

Sign inLogin

Settings

Change Password

Logout

GeneXus Access Manager (GAM) (GeneXus 15 upgrade 3)

Table of contents

Page Id

GAM Built-in Security Module
- Getting Started
Authentication and Authorization
Repository features
- GAM Repository
GAM in Smart Devices
GAM deployment
Advanced
- GAM - Multiple Repositories Scenarios
- HowTo: Define a Menu using GAM
Compatibility
- GAM - Database version 4.0.2
- GAM - Database version 4.0.3

i	This is not the latest version of this document; to access the latest version, click here.

GAM - Permissions Created by the User (X Evolution 3)

This documentation is valid for:
GeneXus X Evolution 3 Help
GeneXus X Evolution 2 Help

Automatic Permissions generated by GeneXus with GAM and permissions that can be created by the administrator user of the GAM Backend are used in the GeneXus code to let only authorized users access the different resources of an application.

In the case of Automatic Permissions, GeneXus generates the permissions in F5. At runtime (when the object is going to be executed), it checks if the user has the permission, or if he has a role where the permission is included. This happens for those objects which have Integrated Security Level set to "Authorization". So, this property value has to be set for all the objects that are going to generate permissions which are checked at runtime.

When permissions are going to be created by the GeneXus user and are used programmatically, the object does not need to have Integrated Security Level set to "Authorization" because "Authentication" is enough.

The only prerequisite is that Require Access Permissions of the GAM Application is checked.

Figure 1. "Require Access Permissions" Repository Property

The following is an example where a permission is defined using the GAM Backend, in order to restrict the visualization of a grid column in an SD panel.

1. Define the permission named "PrintDetail" using the GAM Backend.
Go to WW Applications, select the corresponding application (in this example the SD application), and add to it the permission "PrintDetail", specifying the desired Default Permission Access Type. See the following figures:

Figure 2. Application Permissions in GAM Backend

Figure 3. Add a custom permission to the selected application

2. Define a role where this permission is included, with the corresponding Permission Access Type.

Figure 4. Role Permissions in GAM Backend

Figure 5. Add a permission to a role. First, select the application where the permission is defined.

Figure 6. Add a permission to a role. Secondly, select the permission and its access type.

3. In the "Load Event" code of the SD panel, ask if the permission is included in the permissions granted to the user who executes, by coding the following:

&isAuthorized = GAMRepository.CheckPermission("PrintDetail")
if &isAuthorized
  LiteraryStyleId.Visible = TRUE
else
  LiteraryStyleId.Visible = FALSE
endif

Only users who have a role where the permission "PrintDetail" is allowed can view the LiteraryStyleId attribute in this example.

Note that there's no need to set the Integrated Security Level property to "Authorization", and that "Authentication" is enough.