Mendix API and Security
0
Hello, I'd like to know what's your favorite to prevent object creation using the mendix api, for users that are locked out of creating those objects using a nanoflow or a microflow logic. Even if I have just read rights for the entity members, with the logic below, I can create a infinite number of empty objects in the database. mx.data.create({ entity: "MyFirstModule.Cat", callback: function(obj) { console.log("Object created on server"); mx.data.commit({ mxobj: obj, callback: function() { console.log("Object committed"); }, error: function(e) { console.error("Could not commit object:", e); } }); }, error: function(e) { console.error("Could not commit object:", e); } });
asked
Rafael Dias
3 answers
0
Hi Rafael,
This will do a job.
For more information read following docs https://docs.mendix.com/refguide/security/
Best regards, Slavko
answered
Slavko Skoric
0
Hi Rafael,
Access rights are entirely managed via user roles. So you need to group users that can and cannot create objects into separate user roles.
I hope this helps.
Michiel
answered
Michiel Arts
0
Hi Rafael,
you can add your constraints in Xpath also refer below document,
https://docs.mendix.com/refguide/xpath-constraints/
also, please refer below documents to understand more in detail about access and user roles,
https://docs.mendix.com/refguide/access-rules/
https://docs.mendix.com/refguide/user-roles/
Thanks & Regards
Manikandan K
answered
Manikandan K