Question

security best practise

0

hello experts , how to insure that user role doesn't allow us to see attributes on the page? does it from visibility from page or can I use xpath constraint or some thing else

asked 2023-05-23

deena newash

2 answers

3

Visibility is no security. I would advise to follow some academy lessons like this one: https://academy.mendix.com/link/modules/549/lectures/4277/9.1-Securing-Your-App

You should set access rules on the entities.

Regards,

Ronald

answered 2023-05-23

Ronald Catersels

Maarten Bongers · Accepted Answer · 2023-05-23

Hi Deena,

With the acces rules on entity level you can make sure that the user can or can not read/write the data on database level. https://docs.mendix.com/refguide/access-rules/

If you have a page and want a specific user role to not see the label and attribute field on that page you can set conditional visibility for this user role.

Hope this helps!