Access Rule do not work properly in Microflow
0
Because of my company's security policy, I'll explain my problem in text. I defind an Entity named Equipment_Set. - name : string - uuid : string Association (Account) *-* named ref_Managers And I defined two Access Rules 1 : [EQP_Status.ref_Managers='[%CurrentUser%]' or System.owner = '[%CurrentUser%]'] user can delete object / can see/ edit all values of the object (All rights) 2. [set_type='Global'] can see all values of the object (Read Only) These Access Rules work when I retrive Objects with Database as a DataSource But When I retrieve objects with Microflow, the microflow returns all the Objects in the database (Whether current user has a right or not! / But User cannot see the values in the Object. Only Empty Context is Returned). I wonder why this problem occured and how can i solve this. (I want the microflow returns only the objects that user has proper right.)
asked
kim duho
2 answers
0
It sounds like you need to Apply Entity Access to the microflow if you want the retrieve action to restrict access to what the current user only has access to. By default the microflow will have access to all the data. You can find this in the Properties tab of the microflow.
More details can be found in the documentation.
https://docs.mendix.com/refguide/microflow/#241-apply-entity-access
Good luck!
answered
Robert Price
0
Hi kim duho,
There is a option in microflow as "Apply Entity Access", when you want to apply access rules to the microflow you should allow that.
Hope it helps kim.
answered
Bhargav Ram Singh Bondili