Table of contents


Official Content

The following are some of the properties grouped by GAM Security Policies (GAMSecurityPolicy external object):

It is possible to assign a security policy to a GAM User.
It is also possible to assign a security policy to roles.
In addition, a default security policy can be set for the GAM Repository.

The GAM security policies can be defined using GAM Web Backoffice, or programmatically using the GAM API.

When using GAM Web Backoffice the interface to add or update a security policy looks like the following figure:

SecurityPoliciyEntry

Figure 1. Interface to add or update Security Policies


The decision by which a security policy will be assigned to a user at runtime depends on the following precedence:

How GAM determines wich Security Policy applies to a User ?


1. Security policy associated with the user.

Each GAM user can have one security policy associated with him or none.

Using GAM Web Backoffice, go to WW Users and edit the user properties (as shown in Figure 2) to change his security policy.

SecurityPoliciyEntryWWUser

Figure 2.


Programmatically, you can get the security policy of the user with SecurityPolicyId property of GAMUser object.

&User.Load(&UserId) //&User is GAMUser object, &UserId is GAMGUID data type
&SecurityPolicyId   = &User.SecurityPolicyId //&SecurityPolicyId is GAMKeyNumShort data type.


2. If the user has no associated Security Policy, the Security Policy associated with the Main Role of the user is used.

If the user has no security policy, the policy taken at runtime will be the one associated with his Main Role. See GAM Main Role of a user for more information.
By editing the user properties in WW Users, you can see his main role (it's the only one that cannot be set as Main Role).

Security_Policy_ofMainRoleofUser - v18

Figure 3. Main Role of the User, in this example it's "Role1". 

By editing the role's properties, you can see the security policy of the role (which can be "none").

Security_PolicyofMainRoleofUser -v18

Figure 4. Security Policy assigned to a role

You can get the security policy of the role with SecurityPolicyId property of GAMRole object.

&Role.Load(&Id)//&Role is GAMRole, &Id is GAMKeyNumLong
&SecPolId = &Role.SecurityPolicyId //&SecPolId is GAMKeyNumShort data type


3. If none of the above, if the user have any role associated, GAM asign the security policy of the Default Repository Role. 
 

DefaultRoleRepository


4. If none of the above, the default security policy of the Repository is used.
 

At this step if the user has no security policy assigned, the security policy taken is the Default Security Policy of the Repository.

SecurityPolicyRepositoryConf
Figure 5. Default Security Policy of the Repository

The property DefaultSecurityPolicyId of GAMRepository object tells the default security policy of the repository.

&Repository.Load(&Id) //&Repository is GAMRepository, &Id is GAMKeyNumLong data type
&DefaultSecurityPolicyId  = &Repository.DefaultSecurityPolicyId //&DefaultSecurityPolicyId is GAMKeyNumShort data type

 

Notes

When setting a value higher than 0 for the property MinimumSpecialCharactersPassword, the following regular expression is used:

&UserPassword.Matches(!"[^\d\w]")

Which means:

\w [a-zA-Z0-9_] (literal or digit or underscore)
\d [0-9] (digit)
^ not 

So, the regular expression means all that is NOT \d\w
 

See Also

GAM - Roles
GAM - Permissions
Security Session Management in Applications using GAM


Last update: April 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant