Question

Define global security for all microflows and pages

0

Is there any way to define the Allowed Roles property for all microflow globally? We do not wish to define the allowed role property separately for each microflow. Can the same be implemented for pages and nanoflows?

asked 2022-03-09

anushree sarkar

2 answers

Martin Koelewijn · Answer 1 · 2022-03-09

Not that I know of. It’s also not possible to do globally, since you assign module roles to pages and flows. Also you probably don’t really want this. Security can be a time consuming pain in the a.., but you shouldn’t just automatically assign roles. That would also mean these flows would be available through javascript api and could be executed at will by users with the assigned roles, if they know their way in a browser console. And most microflows don’t need roles. Mendix will even throw warnings if you assign roles to a flow that’s not called from a button or published rest service.

Robert Price · Answer 2 · 2022-03-10

I believe the only way to do this would be to use the Mendix SDK to do it programatically.

https://docs.mendix.com/apidocs-mxsdk/mxsdk/

As Martin says in his answer, you shouldn’t just automatically assign roles. I would always start developing a Mendix application with production security enabled and assign roles as I build. It’s harder to go back and retrofit security.