What is the advantage of integrating K2BTools's security when using GAM as a security backend for an application? GAM manages authentication and authorization on its own so, which are the funcionalities gained by integrating K2BTools in the security management?
The advantages arise from the fact that GAM and K2BTools check the user's permissions in different moments. GAM checks are executed when the user enters a web panel, whereas K2BTools checks are executed both when entering a web panel and when generating the buttons in the screen that will link to those web panels.
Because of this difference, using K2BTools toghether with GAM provides a better user experience, as only options available to the user are shown. For example, imagine the following scenario: The user logged in has permissions to view records that belong to a certain transaction but not to update them. The behaviour in both cases is as follows.
In this configuration, the permission will be checked only when the user enters the transaction object in UPDATE mode. The corresponding work with will not be affected by the security restriction.
Because of this, the update button will continue to appear, and the user will be able to click it. This delivers a poor user experience as the user must try all the options to know which ones are available to them.
|User navigation when using GAM, without integrating K2BTools's security
In this configuration, the permission will be checked both when entering the transaction and when rendering the work with screen. As the user has no permission to access the transaction in UPDATE mode, the corresponding button in the Work With panel will not be shown.
This configuration provides a better user experience as the user will see only the options available according to his permissions, avoiding confusion.
| User navigation when using K2BTools's security integrated with GAM
Note: GAM permission checks will be included in the transaction
when using this option, as explained in the previous one. If the user
accesses the transaction directly via its URL, he will be redirected to
the "Not authorized" page by the security backend.