Dear Alex,
Handling privacy and ensuring data security in a Mendix application, especially for a customer database, involves a combination of Mendix's built-in security features and designing your domain model with data access in mind. I tried to pull together a high-level, beginner-friendly guide to setting up your application to meet your requirements:
1. Understanding Mendix Security
Mendix offers a comprehensive security model that includes user management, module roles, and page access. Familiarize yourself with these concepts:
2. Setting Up Your Domain Model
Your domain model is the backbone of your application. To meet your requirements, you’ll need to structure it in a way that reflects the relationships between companies and their users, as well as the customer data they create.
Entities to Include:
3. Implementing Access Rules
Access rules are crucial for ensuring that users can only access data that’s relevant to their company.
4. Creating User Roles and Permissions
Define user roles within your application that correspond to the different types of users you expect (e.g., CompanyAdmin, RegularUser). Assign these roles specific permissions that align with the access they should have.
5. Utilizing Mendix’s Built-In Features
Leverage Mendix's built-in security features to enforce these rules:
6. Testing Your Security Setup
Before going live, thoroughly test your application with different user roles to ensure that the security measures are correctly implemented and that there are no loopholes.
An example using an essential XPath constraint to restrict access...
Consider a simple microflow that retrieves customer data:
[Customer_Company/CompanyID = $CurrentUser/CompanyID]
to fetch only the customer data associated with the user's company.
By carefully designing your domain model, implementing detailed access rules, and making good use of Mendix's security features, you can create a secure and privacy-compliant customer database application. Always keep Mendix's best practices in mind and refer to the official Mendix documentation for the most current and detailed information.
In addition, I would recommend that you have a good look at the available Mendix online Academy courses; there are certainly good trainings available on XPath and security.
Success and have fun!
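The company-scoping constraint and the role-by-role testing from step 6 of the answer above, modelled in Python as an added example (not part of the original post and not Mendix code). All class, function and sample names are assumptions, and the behaviour for an empty company reference is a property of this model, shown as a case worth testing in the real app.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass(frozen=True)
class User:
    name: str
    role: str                  # "CompanyAdmin" or "RegularUser", as in step 4
    company_id: Optional[int]  # None models an account not linked to a company

@dataclass(frozen=True)
class Customer:
    name: str
    company_id: Optional[int]  # None models a record with no company set

def naive_visible(user: User, customers: List[Customer]) -> List[Customer]:
    # Literal translation of the equality; in this model None == None matches.
    return [c for c in customers if c.company_id == user.company_id]

def visible_customers(user: User, customers: List[Customer]) -> List[Customer]:
    # Same constraint, but fail closed when the user has no company.
    if user.company_id is None:
        return []
    return [c for c in customers if c.company_id == user.company_id]

def cross_tenant_leaks(retrieve: Callable, users, customers) -> List[Tuple[str, str]]:
    """Run every user through `retrieve` and list records they should not see."""
    leaks = []
    for u in users:
        for c in retrieve(u, customers):
            if u.company_id is None or c.company_id != u.company_id:
                leaks.append((u.name, c.name))
    return leaks

# Constructed sample data: two companies, one unlinked user, one orphaned record.
USERS = [User("alice", "CompanyAdmin", 1),
         User("bob", "RegularUser", 2),
         User("unlinked", "RegularUser", None)]
CUSTOMERS = [Customer("Acme-1", 1), Customer("Acme-2", 1),
             Customer("Globex-1", 2), Customer("Orphan", None)]

if __name__ == "__main__":
    for label, fn in (("naive", naive_visible), ("fail-closed", visible_customers)):
        print(label, "leaks:", cross_tenant_leaks(fn, USERS, CUSTOMERS))
```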