Accessing User and UserRole Entities

0
Hi Team,

We need to show the Business Admin a page listing all the users' information along with their role information. We are able to achieve this only if we give Administrator access to the Business User. Without the administrator access, the information from the User and UserRole tables does not come up on the page.

Can you please tell us whether this is feasible in Mendix or not? If feasible, please share the approach to achieve it. Thank you.
asked
5 answers
0

Can you explain a bit more about what you mean? You can create a userrole with admin (read) rights and assign this to the business user.

answered
0

Hi Rahul,

Can you try mapping the user module role from the Administrator module to your BusinessUser userrole? This will provide read access to those entities for this userrole.

If possible can you share the screenshot of your businessuser userrole where you have provided the admin access?

answered
0

Hi Rahul,

Set this for the business admin role; it will allow them to see the records.

image.png

Hope it helps!

answered
0

Hi Rahul 

Can you remove the user module role access from the System module? You have given both Administrator and User access here.

image.png

Select all userroles under usermanagement section of your BusinessUser userrole like below 

image.png

answered
0

The access rules for System.User attributes/associations cannot be changed (contrary to attributes/associations added in specializations). Given two users A and B, the following possibilities exist:

  • A and B are the same, then: A can read USER_NAME, USER_ROLES, USER_TIMEZONE, USER_LANGUAGE, USER_ISANONYMOUS and write to USER_TIMEZONE, USER_PASSWORD, USER_LANGUAGE; A cannot delete self
  • A can manage B, then:
    • A can read the following attributes of B: USER_NAME, USER_LASTLOGIN, USER_ACTIVE, USER_BLOCKED, USER_BLOCKED_SINCE, USER_WEBSERVICEUSER, USER_ISANONYMOUS, USER_ROLES, USER_LANGUAGE, USER_TIMEZONE
    • A can write the following attributes of B: USER_NAME, USER_PASSWORD, USER_ACTIVE, USER_BLOCKED, USER_BLOCKED_SINCE, USER_ROLES, USER_TIMEZONE, USER_LANGUAGE
    • A can delete B
  • A cannot manage B, then A cannot read/write any attribute of B or delete B

So you cannot have a role that has read-only access to the USER_ACTIVE attribute, for instance. But you can still create custom logic to get equivalent behaviour. For example, you can create another entity (e.g. UserView) that has the required attributes, and you can have a microflow that extracts relevant data from users and creates UserViews. The microflow can have Apply entity access set to false, which allows it to read any attribute from any user, and you can give specific roles access to that microflow.

answered
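The rules and the UserView workaround from the last answer, modelled in plain Python as an added example (it is not Mendix code and not from the thread). The `manages` set, the `USERVIEW_FIELDS` allowlist, the `BusinessAdmin` role name and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass

# Read sets exactly as listed in the answer above.
SELF_READ = {"USER_NAME", "USER_ROLES", "USER_TIMEZONE", "USER_LANGUAGE",
             "USER_ISANONYMOUS"}
MANAGED_READ = {"USER_NAME", "USER_LASTLOGIN", "USER_ACTIVE", "USER_BLOCKED",
                "USER_BLOCKED_SINCE", "USER_WEBSERVICEUSER", "USER_ISANONYMOUS",
                "USER_ROLES", "USER_LANGUAGE", "USER_TIMEZONE"}
# Hypothetical: attributes copied into UserView, and roles allowed to run the microflow.
USERVIEW_FIELDS = ("USER_NAME", "USER_ACTIVE", "USER_ROLES")
MICROFLOW_ROLES = {"BusinessAdmin"}


@dataclass
class User:
    name: str
    roles: frozenset
    attrs: dict
    manages: frozenset = frozenset()  # assumption: names of users this user can manage


def readable(a: User, b: User) -> set:
    """Attributes of b that a may read under the fixed System.User rules."""
    if a.name == b.name:
        return SELF_READ
    if b.name in a.manages:
        return MANAGED_READ
    return set()


def list_user_views(caller: User, all_users: list) -> list:
    """Model of the microflow with 'Apply entity access' off: the role check and
    the field allowlist are the only controls left, so both are explicit."""
    if not (caller.roles & MICROFLOW_ROLES):
        raise PermissionError("caller's role may not execute this microflow")
    # Copy only allowlisted attributes; USER_PASSWORD never reaches a UserView.
    return [{f: u.attrs.get(f) for f in USERVIEW_FIELDS} for u in all_users]


def _user(name, roles, **kw):
    # Constructed sample data, not taken from any real application.
    attrs = {"USER_NAME": name, "USER_ACTIVE": True, "USER_ROLES": sorted(roles),
             "USER_PASSWORD": "<hash>", "USER_LASTLOGIN": "2024-01-01"}
    return User(name, frozenset(roles), attrs, **kw)


ALICE = _user("alice", {"BusinessAdmin"})  # cannot manage anyone
BOB = _user("bob", {"User"})
```

Because the entity access rules no longer apply inside such a microflow, the allowlist and the role restriction are what keep attributes like USER_PASSWORD out of reach.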