Version: GeneXus 17

GAM Introduction course

Role-based access control (RBAC)

Introduction to Role-based access control. Description, components, and levels.


The objective of the course is to provide skills for implementing and configuring access control (authentication) in GeneXus web applications using GeneXus Access Manager (GAM).

The attendee will acquire the knowledge required to design, implement, and configure the necessary aspects for a correct implementation of authentication and external identity federation from GeneXus, in addition to the adoption of good IT security practices regarding authentication and access control.

Designed for:
Focused exclusively on those who work with GeneXus, including analysts, developers and testers, as well as project managers who wish to learn more about the security of GeneXus applications. 

To have the skills taught in the GeneXus Core Course (GeneXus Junior Analyst).

Approximate duration:
The estimated duration of this course is approximately 6 to 8 hours, depending on the learner's previous knowledge and experience.

Suggested methodology for this course:
The course has a theoretical and practical approach that introduces the different concepts on which GAM is based. 
A practical presentation is given and participants are asked to carry out practical exercises using the Trial (hands-on) version of GeneXus. 

Before the course:
  1. Install the GeneXus Trial version and download KB Travel Agency.
Beginning of the course:
  1. Watch the videos Role Based Access Control (RBAC), and RBAC and GAM.
  2. Complete Challenge 1 of the practice exercises.
  3. Watch the rest of the videos.
  4. Complete Challenge 2 and Challenge 3 of the practice exercises.
End of the course:
  1. Take the exam.
The exam will be taken on a computer, with multiple choice and true/false questions and
Here you can see the Exam Calendar.

Nicolás Adrién 
GeneXus Software Security Consultant
The course syllabus includes:
  • Introduction and Theoretical Framework of Access Control (Authentication and Authorization)
  • RBAC Model: Users, Roles, Permissions, and Sessions
  • GAM basics overview: Repositories, Security Policies, Applications, Menus, Authentication Types
  • GAM components
  • Authentication functionalities: Login, Logout, Change Password, User Registration, Forgot Password
  • One-Time password (OTP) and Time-Based One-Time Password (TOTP)
  • Roles functionalities: Registration, Deletion, and Modification
  • Authentication types: Local, External, Facebook, Twitter, OpenID Connect, OAuth 2.0, SAML
  • Identity Providers (IdP)
  • Repositories: Multi-tenant and Multi-branch


The instructions for the practical exercises and the necessary resources to do them are available for download at the following links:

Practice exercises (pdf): containing the challenges designed for the course.
Resources (xpz): containing the resources specified in the instructions of the challenges.

Bonus Material

To be able to do the course well, including the Practice exercises, download the Trial version of GeneXus.
GeneXus Trial     Guide: ”Installation and first run of GeneXus Trial”