Hello George,

You can reach your objective in different ways.

Firstly you can apply different access to different attributes for different userroles, you can set this on the entity under acces rules. 

Secondly, you can add extra security by adding an xpath to further minimize the access of the user.

Please see the following documentation:4

https://docs.mendix.com/refguide/module-security/#entity-access 

and learning path:

https://academy.mendix.com/link/paths/9/Configure-Advanced-Security

Hope this helps

Good luck

Hey George!

I don't think you can restrict access to a specific attribute through rules/constraints without a separate user role for it which will also just let you set the constraints for the whole entity itself.

This I believe can be achieved through visibility conditions or setting a boolean for the user and restricting read access to it wherever the attribute is being used.

Hi George,

Depending on your specific requirement, it is possible to solve this by using entity access. I assume you would like to make this access configurable by an administrator or other role. If so, you could introduce an association between the Person/Account and the object (tree) you want to provide access to. For example; inroduce an association between the Person and a Company entity. Now, you can create a configuration page for an administrator to set the association between Person and Company. In the entity access xPath, you can state that only accounts with a certain role AND an association to the Company have read access. It's important to limit the write access to this association to specific administrator roles only.

From the top of my mind, this is also handled in the learning path suggested by Jelle. This is a somewhat short answer, but hopefully it explains the concept enough to complete your feature.

Kind regards,

Jeroen