Question

Security in Mendix: Cannot reproduce correct answer in knowledge check

0

I am currently preparing for the Advanced Developer certification and stumbled over Questions 2 and 3 of the knowledge check 2.9 of the "Configure Advanced Security" learning path. If you follow the instructions to the letter, even "Question 1" would not work, because we need to grant the Customer module role page access so they can open the page and see the expected result. Let's be generous and assume, that everybody would do that anyway. Let's also assume that the Request_Overview page is linked to the Navigation bar so it can be opened at all. When we come to questions 2 and 3, the results contradict each other. At first glance, the correct answer to question 2 is quite straight forward. But we have to grant the Administrator module role to the Administrator user role, and assign the Administrator module role page access, or the page won't even show up in the navigation bar. But then question 3 happens and non of the options of question 2 are correct. So my question: Under what assumptions can the expected "correct" answers of Question 2 and Question 3 be achieved in reality at the same time?

asked 2024-09-13

Tobias Rötschke

2 answers

Joost Stapersma · Answer 1 · 2024-09-13

Actually you don't need to connect a page to the navigation tree to open it, there is a javascript command in the Mendix client API that allows you to open any page*, see https://apidocs.rnd.mendix.com/10/client/mx.ui.html#.openForm

*Note that this feature is not available any more in the new React Client

Alternatively, if you have microflow accessible to the Administrator user role which opens the page, the page would open but there would be no results and most likely an error shown.

The "Question 3" result can be achieved if you have a (microflow) button to open a page with an instantiated object of the entity without access. Studio pro will detect that there are widgets showing attributes to a user. For example, try to remove the Administrator module role from the Orderline entity. Any place(s) where the attributes are shown on a page will generate errors:

Stephan Bruijnis · Answer 2 · 2024-09-13

Hi Tobias,

I agree the questions are weird.

- question #1 would indeed require access to a page with that specific data grid

- question #2 would not be possible as it would trigger errors in studio pro (also the answer of question #3) and not allowing you to deploy

Probably worth a ticket for mendix support