The property exists at Version and object level. It's valid for web objects and objects for Smart Devices applications.
It allows establishing whether the object will have security enforced.
The property at Version level (Default Integrated Security Level Property ) allows establishing the default value for all the objects of the KB.
Security will be enforced. Objects security checks will be done automatically at startup, and only Authentication will be checked. In case of web objects, the check is also done in every AJAX call which is executed. This is the default value at Version level.
Security will be enforced. Objects security checks will be done automatically at startup (in case of web objects, before Start Event). Authentication and Authorization will be automatically checked.
Security will not be enforced.
Use Environment property value
This is the default value at object level.
If the property Integrated Security Level is set to "Authentication" value, the generated code will automatically do the security checks at startup.
If an object is configured with None, it means that it's a public object of the application. If the property is set to Authentication, it means that only an authenticated user can access it. In case the user is not authenticated, a Login Object for Web property or Login Object for SD property will be desplayed (depending on the application), in order to allow the user to authenticate and access the application.
In case of SD applications take into account that in general you will need to configure the same security level for all objects that are descendant from the entry point of the application which requires Authentication.
Suppose you have an application with two modules, both are items of the main Dashboard Object of the application, but only one of them is going to be secure (that is to say only one will need Authentication). In general, you will set the same security level for all WWSD objects which are descendant of this object in the call tree, because it's the only way to force security to the REST Web Services related to this objects. Besides, when session expires, you will probably need the user to be asked to login again, regardless the point of the application where he is navigating (if he is inside the module which requires Authentication), so the only way to achieve this is that all descendants of the entry point WWSD of the secure module, have the same security level.
For objects which have None, security is not enforced, so REST Web Services will be publicly exposed.
If the property Integrated Security Level is set to "Authorization" value, the user must be logged in, and he needs to have rights to access the object he is trying to execute. This security check is automatic.
The security of the application will be checked automatically by means of GeneXus Access Manager (GAM).
In case of Dashboards (and sd objects for which there is not a dataprovider generated automatically to implement the business logic of them - because they do not execute anything on the server), the permissions are not verified, that´s why the only available values for Integrated Security Level Property are "None", and "Authentication" in this case.
If you configure "Authentication" value in this property, the behavior is not the same as the behavior for SDPPanel?s or WWSD panels: when trying to execute the Dashboard for the first time, the Login Object for SD will execute. But in the next executions, the validity of session is not checked for Dashboards, so the login object will be displayed again only when the user tries to execute another private object which is called from the Dashboard.
How to apply changes? Execute a Rebuild all objects operation.
Enable Integrated Security Property
Administrator User Name Property
Administrator User Password Property
Connection User Name Property
Connection User Password Property
Login Object for Web Property
Not Authorized Object for Web property