Best Practices for Managing Privacy in Mendix: Setting Up a Customer Database

I'm seeking advice on the optimal approach to handle privacy concerns within a Mendix application, specifically in setting up a customer database. I'd appreciate insights and examples on how to ensure data security while meeting the following requirements: Objective: Develop an application with a singular function: managing a customer database. Requirements: A customer registers an account with a company name. Users associated with a particular company can access the customer database created by any user within the same company. Users should not have access to customer data created by users from other companies. I'm eager to learn from your experiences and expertise in implementing such solutions effectively within the Mendix platform.
1 answers

Dear Alex,

Handling privacy and ensuring data security in a Mendix application, especially for a customer database, involves a combination of Mendix's built-in security features and designing your domain model with data access in mind. I tried to pull together a high level  beginner-friendly guide to setting up your application to meet your requirements:


1. Understanding Mendix Security

Mendix offers a comprehensive security model that includes user management, module roles, and page access. Familiarize yourself with these concepts:

  • User Management: Handles the creation and management of users within your application.
  • Module Roles: Define what a user can do within specific modules of your application.
  • Page Access: Controls which pages a user can see and interact with.

2. Setting Up Your Domain Model

Your domain model is the backbone of your application. To meet your requirements, you’ll need to structure it in a way that reflects the relationships between companies and their users, as well as the customer data they create.

Entities to Include:

  • Company: This entity represents companies in your application. It should at least include a CompanyName attribute.
  • User: Mendix automatically handles user entities, but you'll need to extend it to include a reference to the Company entity, establishing which company a user belongs to.
  • Customer: This entity represents the customer data. It should include all necessary customer information and a reference to the Company entity to indicate which company the customer is associated with.

3. Implementing Access Rules

Access rules are crucial for ensuring that users can only access data that’s relevant to their company.

  • For the Customer Entity: Set up access rules that check the company of the user against the company associated with the customer data. Only allow read/write access if the companies match.
  • For the Company Entity: Typically, users can read data from their own company but should not modify it directly, depending on your specific requirements.

4. Creating User Roles and Permissions

Define user roles within your application that correspond to the different types of users you expect (e.g., CompanyAdmin, RegularUser). Assign these roles specific permissions that align with the access they should have.

  • CompanyAdmin: Might have permissions to add or remove users from their company, and manage all customer data within their company.
  • RegularUser: Can view and add customer data but cannot manage users.

5. Utilizing Mendix’s Built-In Features

Leverage Mendix's built-in security features to enforce these rules:

  • XPath Constraints: Use XPath constraints in your data retrieval microflows/pages to ensure that users only fetch data associated with their company.
  • Page Access: Control access to pages based on user roles to ensure users only interact with appropriate parts of the application.

6. Testing Your Security Setup

Before going live, thoroughly test your application with different user roles to ensure that the security measures are correctly implemented and that there are no loopholes.


An Example using an essential XPATH constraint to restrict access...

Consider a simple microflow that retrieves customer data:

  1. Retrieve Action: Use a retrieve action with an XPath constraint like [Customer_Company/CompanyID = $CurrentUser/CompanyID] to fetch only the customer data associated with the user's company.
  2. Page Display: Ensure the page that displays customer data is accessible only to users with the appropriate role and that it correctly interprets the data based on the user’s company.

By carefully designing your domain model, implementing detailed access rules, and making good use of Mendix's security features, you can create a secure and privacy-compliant customer database application. Always keep Mendix's best practices in mind and refer to the official Mendix documentation for the most current and detailed information.


In addition, I would recommend you to have a good look at the available Mendix online Academy courses, certainly about xpath and security there are good trainings available.


Success and have fun!