Entity access dont work

2
Hi Mendix Developers,   In one of my application I have an entity with the following rights   so, no creating and no delete rights for user role User.   Still when I click my buttons and run the following Microflows: an object by the User userRole is created (apply entity access is enabled). Also deleting:   this microflow also deletes a plane object for userrol USer, while entity Access is enabled.   Can anyone explain me why the userrole User can still create and delete plan objects while setting acces rules that prevents this and explicit set apply entity access to enable?   Thanks in advance, Jan                
asked
2 answers
4

Hi Jan,

 

As far I tested the “Apply Entity Access” works as intended in Mendix 9.17 / 9.18. Not sure if this feature was “bugged”/”not implemented” in previews versions.

 

However, in your first example, you are performing a COMMIT. In that case, Mendix allow it, because we don’t have a “Allow Commit” access right. 

 

As you can see, in Mx 9.18 you can’t, create / delete or change without rights.

 

Change:

Create:

 

 

Delete:

 

 

Att

answered
2

Take a look at this learning path (Configure Advanced Security), specifically section 2.6.

 

Entity access is not applied in microflows, unless you set the property ‘Apply entity access’ to true. In my opinion, you should not use that setting, as it leads to other problems. The better solution is to not give a user role access to a microflow which deletes an object if you do not want that.

answered