Is security upheld when using a Mendix based report.

1
We have order system in which each order is coupled to a participant and each user is linked to a participant. Based on xpath constraints in the security layer users are only allowed to see orders of their participant. However when running a report with a dataset on all orders, orders from different participants are also returned. Are there ways to prevent this or is this a bug?
asked
1 answers
3

I found a solutionhere but it is a bit more complicated then i first thought.

You first have to apply an constraint on the parameter in my case:

[Orders.Order_Participant/General.Participant/General.Participant_ParticipantEmployee = '[%CurrentUser%]']

Then you have to go to the domain model to apply these constraints to the user roles that require these constraints. You don't even have to have the participant parameter on your screen.

answered