The vast majority of modern applications need some scheme of authentication/authorization. To cover these aspects, GeneXus provides a mechanism (called GeneXus Access Manager) to provide the products of a single, centralized scheme of everything related to authentication and authorization of an application.
The GeneXus Access Manager (GAM) provides APIs to manage all the security issues concerning an application. So the security module of any application (web applications and smart devices applications) is provided by GAM, and security controls are also done automatically by configuring Enable Integrated Security property.
GAM is based on Role Based Access Control (RBAC) model.
It provides a GAM API which has the implementation for all the functionalities related to security issues: users administration (registration, authentication, password administration, security policies), roles, etc.
It has its own Data Base, logically independent from the Data Base application, though they can both be physically the same (with different table schemes).
Final users (administrator users) can manage users and security policies through the GAM Web Backoffice.
GAM executes the reorganization in database using csharp, so in case of Mysql database, you need to install ADO client for Mysql (libmysql.dll is required, see MySql ADO Net Configuration).
The same happens with Oracle, or any other DBMS; as the reorganization is done using csharp, you need the corresponding ADO client to connect to the DBMS.
In case that the GAM datastore is different from Mysql or SQL Server database, a setup is launched from GeneXus IDE in order to install the GAM platform corresponding to the selected DBMS.
The setup is distributed in order to run it in a standalone mode, under <GeneXus>\Library\GAM\Setup folder.