I have configured entity access for certain entities using an XPath constraint. When a user opens a form containing a data grid of this entity, all entities are shown (i.e. the number of rows in the grid is equal to the number of objects stored in the database), even though entity access should prevent access to a number of these entities. The rows which should not be shown are empty instead, so it seems like entity access is preventing the data in the attributes from being shown, but it is not preventing the object from being shown. Furthermore, these object can be passed to a form containing a data view and if the user modifies the information and saves, an error occurs because write access is denied. Finally, this is not consistent behavior: this is only occuring in one specific project, which was upgraded from version 3 to version 4.3.2. If I model the exact same situation in a clean 4.3.2 project, the entity access works as expected: unaccessable objects are not shown in the data grid. Is there any way to fix my project?
Rom van Arendonk
Which attributes are empty? Attributes from System.User?
To see properties of other user accounts, such as Name, Active and _Blocked, you do not only need to have read rights on the attributes, but you need to have role management rights for the role that specific user has as well
These can be set under project security, but note that this can be dangerous from security perspective! (A grantable roles means you can practically manage everything about users you are allowed to manage)
As work around you can copy the attributes you are interested in into an other attribute.
Submitted a ticket in the support portal. It turned out to be a bug, which will be fixed in Mendix 4.4.0.