MxAdmin usage

0
To my understanding, MxAdmin is the Admin user available by default in Mendix. By logging in with MxAdmin, other admin users can be created. But if the same Mendix package is somehow shared (unofficially) with another customer already having the Mendix runtime license, he can also start using the app with MxAdmin. Just trying to understand, from the security aspect, the process to stop such app usage.
asked
2 answers
1

Hi Sandeep

The MxAdmin is a User object instead of an Account object (which might explain why it is not that easy to find, since most account management tools within Mendix use the Account entity). You can always remove it like this:

  • Create an overview page of all user objects as masterdata for the administrator; this should list the MxAdmin as well
  • Implement a delete button for the administrator

Do note, however, that I personally find the MxAdmin a useful backdoor to the application, since it is the only user you can remotely access using the Sprintr when you get locked out of your application. If you keep this in the back of your mind, I might suggest making the password incredibly complex instead, or taking other security measures for this user. If you say it does not matter in your case, feel free to delete it.

Hopefully this answers your question.

answered
0

I would opt for renaming the default admin from MxAdmin to something else and have a more secure password set in Studio Pro. Be aware that MxAdmin is not removed as a user automatically!

On a licensed cloud environment, this password is not used. Only with the correct credentials will you be able to reset it (and this is logged).

Furthermore, you can make sure that by default the Administrator role has limited capabilities and set up a functional Admin role for all your app configuration.

Please take a look at the best practices for app security as well.

answered