Apply entity access in Microflow

Question

Apply entity access in Microflow

7

Could you please consider enabling the "Apply entity access" property by default in Microflow?

Security protocols should always be enforced by default, making non-compliance the exception rather than the rule, requiring explicit action to opt out.

asked 2024-02-22

Bernardo Rangel

4 answers

Axel Trip · Answer 1 · 2024-03-15

Totally disagree. As a user you should be able to start a process / trigger functionality that create/reads/updates/deletes entities you normally shouldn't have access to.

This doesn't have anything to do with 'Security should be enabled by default' and it certainly isn't wrong to have it off.

For example: When a customer confirms an order, i want the microflow behind the 'Confirm' button to change the order status. However, I don't want the customer to have write access to the order status attribute.

Other example:

When a customer adds items to their shopping basket, i want the total value of the shopping basket to be updated. However, i don't want the customer to be able to adjust those values manually.

Tadeu Souza · Answer 2 · 2024-02-22

Totally agreeded!

Slavko Skoric · Answer 3 · 2024-02-22

Way before I think in Mendix 6 or even 5 it's was on by default and lot of people complained...... and rest is history haha... I believe in future they will provide solution, probably in app setting they will add button to make it default how ever you like it off or on.

Rogério Joras · Answer 4 · 2024-02-22

I agree totally. Security should be Enabled by default.