Deeplink and Page security

0
Hi all, We have setup deeplink in our application and we are using it to embed URLs links in emails that we send from our application. Only signed in users can access the deeplink (this is working correctly). We have two user roles "AA" and "BB" in our application.  The deeplink microflow retrieves an object from DB (both user roles have access to this object) and then passes it to a show Page action (only user "AA" is allowed to see this page). Entity Access is set to yes for this microflow. When logged in as user "AA": everything works fine, the link works the user sees the page with all the information. When logged in as user "BB": I would expect that the user would not be allowed to see the page because the user role is not allowed access to it. Instead I can see the page just fine. Am I doing something wrong? Is this the expected behaviour for deeplinks? Any suggestions on how I can show a message saying "Sorry user BB but you are not allowed access to this page for security reasons", based on the page security settings? Modeler version 6.5.1; Deeplink version 4.3 Thanks, Andrej  
asked
2 answers
1

Apparantly you are using a microflow to access the data. In this microflow you can Always add a split which gives you the message you want. Or are you expecting deeplink to do that for you?

Is BB only seeing the page? Or also the data?

answered
1

Andrej you seem to have drawn all the right conclusions yourself. You cannot adhere to the DRY principle here.

Also, realise that the content of pages cannot be considered secret. So if it is really a huge issue that a user is able to access a certain page, then your entity access is probably considered wrong (or you should not be using Mendix in this case).

answered