Dynamically Switching Mendix Roles (good idea or a no-go ?)

We have built an application (some sort of project workplace environment) in Mendix (currently 8). A user of our system can have different roles in different projects (e.g. project manager, project team member, project reader). We today model this in Mendix in a way, that when a user selects one of his projects, we  dynamically recalculate the users mendix roles. We then use the users Mendix roles for various decisions that a user is allowed to do (which microflows, pages, domain model acces rules...). We store the users current project in the database and use this in microflows to get his currently selected project. We then noticed that when a user switches his current project, the client did reflect the new caclulated users mendix roles. To solve this, we added a full page reload (using page url) that is done whenever the used switches the project, this solved the issue that the client then took the new roles correctly. We now encounter issues when a user selects a different project in a second browser tab which causes the users current project and mendix roles to be changed. It eorks correctly in the new browser tab, but when comes to the initial browser tab and wants to continue working on this page (e.g. saving pending changes), then it max fail because the roles of the user in the other project are considered by mendix (e.g. user has write role in project1, open project2 in separate tab where has only read roles). We then tried to solve this by a functionality in each called microflow that first checks if  the “correct” project is selected and automatically switches back to the corecct project (setting the users mendix roles back for this project). But even if did this, we encountered errors in the client that seem to be caused by the fact that in the client still the mendix roles of the user for the previously selected project are used. Our basic question now is: Do we need to do something special in addition to tell Mendix runtime that the users roles have changed and that it somehow “flushes” any cached role information on the user ? Or is the approach we used to dynamically switsch users mendix roles not supported be Menix runtime and we need to rebuild this using another approach where we store the project related roles of a user as data entities and at each point instead if checking the Menix user roles to check our own project role entities (which cause additional programming and processing overhead compared to the usages of Mendix user roles)  
0 answers