Permissions by Method in the API object present a problem when setting the Authentication value in the Integrated Security Level property. If the [SecurityLevel(Authorization)] annotation is added to one of the methods to use authentication, the system does not automatically generate the base permissions for the object in the GeneXus Access Manager (GAM) Database.
There are two solutions to address the problem:
One option is to manually create the required permission in the GAM Database and then add the [SecurityPermission()] and [SecurityLevel(Authorization)] annotations to the corresponding method. This ensures that the user has access to the appropriate authorization to consume the method without problems.
Another effective alternative is to change the
Integrated Security Level property to Authorization. Subsequently, the annotations [SecurityLevel(None)] can be added to methods that do not require authorization and [SecurityLevel(Authorization)] to the method that does. When this change is made, the base permissions for the object in the GAM Database are automatically generated. This will allow the appropriate permissions to be assigned to the user attempting to consume the method more easily and avoids potential unauthorized access conflicts.