I have a project system. The system requests are as follow: 1. It includes different departments can use different modules to play different roles in this system,and every department have its own rule. 2. different department have many modules. And every modules has many functions, and different functions have different entity access, about read or write or read and write For example: - Mis Liu is a manager. She can read and write informations - Mis He is a staff. She can't read and write informations - Mis Wang is a staff,she can just read. So, how can i realize this Mendix Project Security have User roles, Module have module roles and entity access, how can i union them. Or I need create a rule entity to control roles.
It seems to me that you have to set up (as normally) different module roles with different rights and at the end also different user roles.
1 - Define the different users per module (manager, staff)
2 - Define the different user roles (manager, staff)
3 - Setup access per entity in domain model ( read & write, read only)
4 - Applying entity access limits the objects that are retrieved by the retrieve action to only those that the current user is allowed to see. For example if you want that a user sees just information of his department you can apply this in the MF of that retrieve action.