Table of contents

Official Content

GAM users are stored in User GeneXus Access Manager (GAM) Database table.

The information of the credentials stored in User table depends on the Authentication Types used in GAM.

In case of Local Authentication Type the credentials of the user are stored in GAM User table, and this is the only case in which they are accessible by GAM. In case of External Authentication TypeTwitter Authentication TypeGoogle Authentication Type or Facebook Authentication Type the credentials of the user belong to the external identity providers.

Depending on the model design of the application, the information of the user can reside entirely in the GAM User table or can be in any table of the application, in which case you need to map the information so as GAM can solve the security issues despite the user information is located in a table outside of GAM. See HowTo: Map Application Users to GAM Users for details on this topic.

User identity

A user is identified by a GUID in User GAM Table. Besides, "User Namespace (UserNameSpace) \ Authentication Type (UserAuthTypeName) \User Name (UserName)" is a Candidate Key.

When created, the user takes the Repository Namespace where he is defined.

Users can be referenced by other properties, like their name, login, or nickname, as explained here: HowTo: Reference GAM users using the GAM API.

Adding users 

Despite the Database being case sensitive, GAM does not support case sensitivity for the username. If you try to insert a user named "Jhon" (capital letters) and another user whose username is "jhon" already exists, an error will be thrown: Username already exist. (GAM49).

Deleting users

A user can be logically deleted, using the delete method:

    if &GAMUser.Success()

To undelete the user, use the corresponding method:

    if &GAMUser.Success()
        &isOK = &GAMUser.UnDelete(&GAMErrors)
        if &IsOK
           //Display GAM Errors

Another option is to physically delete the user (the user and all its relations are removed from the Database):

     if &GAMUser.Success()
        &isOK = &GAMUser.PhysicalDelete(&GAMErrors)
           if &isOK
              //Process GAM Errors

Read about How to revoke tokens from external IDPs.

GAMUser external object

The GAMUser external object (imported when GAM is activated or updated) is used to manage the GAM Users in the application.

It is part of the GAM API and allows handling properties and performing different actions on the users.

Some examples of how to use the GAM API to manage user relations are detailed in the following links:

See the GAM - Examples distributed, in particular the GAMExampleWWUsers and GAMExampleEntryUser objects to get more examples.

User relation to Roles, Repository and Permissions

User properties

The User table structure allows storing UserFirstName, UserLastName, UserBirthday, UserGender, UserPhone, etc. If you need to store other information than the information provided by the User table structure, you can extend the User table properties using an approach based on OAV : see Extensibility of GAM entity properties and HowTo: GAM User table extensibility - multivalued attributes.

GAM Initialization and admin user

When GAM is activated for the first time (Enable Integrated Security property is set to TRUE), the user "admin" is created for prototyping purposes. You can login using "admin" in the GAM Backoffice in order to start working, and afterwards create new users for your application. See GAM - Getting Started for more details.

See Also

GAM Deploy Tool - Import Users
HowTo: Filter data by user using the GAM API


Last update: February 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant