The following are some of the properties grouped by GAM Security Policies (GAMSecurityPolicy external object):
It is possible to assign a security policy to a GAM User.
It is also possible to assign a security policy to roles.
In addition, a default security policy can be set for the GAM Repository.
The GAM security policies can be defined using GAM Web Backoffice, or programmatically using the GAM API.
When using GAM Web Backoffice the interface to add or update a security policy looks like the following figure:
The decision by which a security policy will be assigned to a user at runtime depends on the following precedence:
1. Security policy associated with the user.
Each GAM user can have one security policy associated with him or none.
Using GAM Web Backoffice, go to WW Users and edit the user properties (as shown in Figure 2) to change his security policy.
Programmatically, you can get the security policy of the user with SecurityPolicyId property of GAMUser object.
&User.Load(&UserId) //&User is GAMUser object, &UserId is GAMGUID data type
&SecurityPolicyId = &User.SecurityPolicyId //&SecurityPolicyId is GAMKeyNumShort data type.
2. If the user has no associated Security Policy, the Security Policy associated with the Main Role of the user is used.
If the user has no security policy, the policy taken at runtime will be the one associated with his Main Role. See GAM Main Role of a user for more information.
By editing the user properties in WW Users, you can see his main role (it's the only one that cannot be set as Main Role).
By editing the role's properties, you can see the security policy of the role (which can be "none").
You can get the security policy of the role with SecurityPolicyId property of GAMRole object.
&Role.Load(&Id)//&Role is GAMRole, &Id is GAMKeyNumLong
&SecPolId = &Role.SecurityPolicyId //&SecPolId is GAMKeyNumShort data type
3. If none of the above, if the user have any role associated, GAM asign the security policy of the Default Repository Role.
4. If none of the above, the default security policy of the Repository is used.
Figure 5. Default Security Policy of the Repository
The property DefaultSecurityPolicyId of GAMRepository object tells the default security policy of the repository.
&Repository.Load(&Id) //&Repository is GAMRepository, &Id is GAMKeyNumLong data type
&DefaultSecurityPolicyId = &Repository.DefaultSecurityPolicyId //&DefaultSecurityPolicyId is GAMKeyNumShort data type
When setting a value higher than 0 for the property MinimumSpecialCharactersPassword, the following regular expression is used:
&UserPassword.Matches(!"[^\d\w]")
Which means:
\w [a-zA-Z0-9_] (literal or digit or underscore)
\d [0-9] (digit)
^ not
So, the regular expression means all that is NOT \d\w
GAM - Roles
GAM - Permissions
Security Session Management in Applications using GAM