Manage Users

Hi Using Mendix 9.6.0. I have some headache with playing with advanced role. I’m trying to create an apps where users from a specific role (for example processholder) will see the elements they only have to see. let say that I need some “subroles”. (ex: processholder of this account). for the display I was planning to use Xpath… but I’m stuck before that. Indeed I tried to extend (generalization) of the system.user tab but it seems that it is different than the one when I’ll be in prod. I’ve gone through all doc I could find, but I’m still in the cloud. Is there a doc, a training, or anything that I could read to better learn about such a topic?
5 answers

Do this:

- In the module that contains the entity: create a modulerole, say mrProcessHolder

- In that module’s domainmodel, open the entity, click on tab ‘access rules’, click ‘new’, select mrProcessHolder, per attribute set ‘-’ or ‘Read’ or ‘ReadWrite’ as you see fit. Click save

- in Project → Security create and/or open a userrole (aka projectrole) that you give a name, say ‘ProjectHolder’

- assign userrole ‘ProjectHolder’ that modulerole ‘mrProcessHolder’

- assign userrole ‘ProjectHolder’ to a user account

- place your entity on a page in list view and/or in a datagrid and set the page’s visibility to userrole ‘ProjectHolder’

Now log in with the user, go to the page and as you will notice, only the attributes that you have set to ‘Read’ will get shown.

Btw. there is no need to specialization of entity User. Good luck!


It seems you want to limit data for specific users ‘processholder of this account


In that case

  1. create an entity  ProcessHolder,
  2. make an association to Account (ProcessHolder_Account)
  3. add an access rule to processholder for that role [Process.ProcessHolder_Account='[%CurrentUser%]']


Now users with this role can only see ProcessHolder entities which they are connected to. Read Tim;s answer how to set this role in the project.


Other entities can be associated to Processholder and can use the same method, but don't make the path too long.


More info


thanks for both answers.

I’m indeed in the case described by Chris.

I followed the doc you mentionned Chris, but I’m stuck one step “before”.

If I take the example of the doc : 

- I created the customer table (serialization of system.user) and the order table

- In the Order_NewEdit page, I created a field to “link” a Customer to this order. I used the reference selector on the “Name” field inherited from system.user.


Here I have multiple path

I can serialize to system.user but in that case I don’t get the Full name which is added at the serialization in the Admin tab.

If I serialize with admin.Account, I have an empty list retrieved...


I start to get a grip on the issue.


I created a page to look at the customer table. If I point the dataview to customer table I can’t see anyone.

If I point the dataview to account.adminstrator it retrieve well the users…

Need to experiment more… cause I don’t want to change the account.admin tab but my serialization...



Back to the basics.

I created a new apps. I’m not deploying the apps, not implemented any security.

In navigation, I create 1 link to the account admin page.

1 create 1 user. 

In the domain model only 1 entity “Customer”. I serialize it on administration.account.

I create 1 page with a list view. 

If I put as datasource administration.account, I got the user appearing

If I put as datasource system.user, I got the user + anonymous users which are my connections

If I put as datasource customer, I got nothing.


This is last part that I don’t understand. Why do I have nothing? (If I change the serialization of the entity to system.user, not better)