Security in 2.5 - Administration.Account

I have a project converted from to 2.5. In 2.5 i'm having troubles understanding the new security setup. I have a entity called "Customer" with same attributes like name / street ect. This entity derives (or generalization) of the entity Administration.Account. When I create a new customer with the user MxAdmin the system works perfect. But if I login with a different account the system always gives me a security error that the user isn't allowed to create an entitiy called Customer. I set all the obvious access on the objects... but without any results. My test user can edit accounts but can't create them. Do i miss something or is it simply not possible in 2.5 to create user accounts without having to log in as MxAdmin.
2 answers

To create a new System.User object the current user needs to have all the user roles of the new users in its grantable roles.

You can define the grantable roles for each user role (see project - security - user roles). With this setting you define what roles a user with this user role can grant to another (e.g. a new) user.

This behaviour did also exist in 2.4, but maybe you have to configure it again because you changed your inheritance structure by inheriting from Administration.Account.


Go to Project > Security ( I assume that the security level is set to production and the security is checked).

  • Is the project status complete ?
  • Have you added the module role of the role that is allowed to create users to the user role (Second tab)?
  • When you have done that you go to the first tab (module status) and check for your module all settings?

What you have done is possible.