Problem with anonymous security after switch from no security to production

0
Because we switched from free to basic we have set the security model to 'Production'. In Free everything is working like a charm but when we switch to production we can not access even simple.   We work with anonymous access, so have set anonymous access to [on] and the assigned user role to [Administrator].     The problem that occurs is that microflow buttons and nanoflow buttons on the page are not shown. It looks like the anonymous 'Administrator' role is not set. The button is only shown if I set visible to [all Roles] .. so not on 'default' or 'selected' roles' where the 'Administrator' is selected.   When I show the button by setting visible to 'all roles' - it displays ignore security - and I click the button I will be forwarded to the default Login form.   What am I forgetting or doing wrong here?   I was under the impression that when I set anonymous access to true with the right role (Administrator) that this should work.   To test this problem I created a simple page with a text and a nanoflow button that is set as the default home page   These are the button's settings :     The nanoflow retrieves the first record of the config enitty.     If someone can point me in the right direction it would really be appreciated.   Kind regards, Martijn
asked
2 answers
0

On the one hand you are right. The modeler could have given a better hint on what you are doing wrong. On the other hand if you make a mistake like that you have not read anything on how Mendix handles security. I would seriously suggest to follow the following learining path: https://academy.mendix.com/link/paths/9/Configure-Advanced-Security

Because otherwise you will learn that your anonymous users can do all kinds of stuff you probably do not want them to do. Anybody with a bit of Javascript is able to change your data in the database.

Regards,

Ronald

 

answered
0

Found my own answer .. 

 

It is not allowed to use the 'Administartor' role. After selecting another role, that also was setup the same way as the Administrator role, the problem was solved.

 

While it is understandable you should not use the 'Administrator' rol for anonymous access .. I still would have expected system control or correct log messages that would point this out.

 

 

answered