Is it possible to individually set read access and write access using different XPath constraints?

It is possible to set the access level of an entity using an XPath constraint. However, this is for read, write AND delete. Is there a way to set the XPath constraint to the write access exclusively and not touch on e.g., read access? In other words, a user will be able to read the data at all times, but only write the data based on a condition.
3 answers

Yes, you can just make 2 different rules and they will be considered as an AND statement.

So when Mendix interprets the security rules it will check both conditions and apply the read rule first,

and then based on the condition it will allow for writing.

I'm pretty sure it has an impact on performance of XPath queries though.


Yes this is possible. YOu can add multiple access rules per role with different xpath constraints:


It is a good practice to never allow Create or Delete for any entity, ever.

This has 2 reasons:

 – The way it works is very confusing anyway
 – It makes it much harder to trace the lifecycle of objects in your application if they can magically be summoned or destroyed by users.