2

Hello! This is a somewhat generic question – hoping to gather some opinions around the idea that every UserRole should correlate with one ModuleRole (a Mendix Best Practice).  Another teammate introduced me to the concept of Role Based Access Control (RBAC) and we’ve been playing around with this and ModuleRoles. Idea being that you would essentially look at each module, start with each entity, and then write a Module role for each one with corresponding pages and microflows.  Assign roles based permissions at the UserRole level.  EX: An application with the User Roles Manager and Employee . A Module named “Inventory Managemenet” may have the ModuleRoles InventoryReadWriteDelete, InventoryReadWrite, InventoryRead, EmployeeProfileReadWriteDelete, EmployeeProfileReadWrite, etc. These are then all correlated with their respective microflows/pages. (This is a REALLY condensed example).  There are definitely valid reasons to have tried this out – the biggest advantage seems to be flexibility/QUICK re-usability, especially when there are a lot of users that are very similar but ever so slightly different.  EX: Take the above Manager, Employee example and add Administrator, Junior Employee, Owner, Intern. Having all of the module roles lined up makes configuring a new UserRole super simple. Pop the Administrator role in and then go down the list and mark off exactly what they should have access to.  The two biggest cons so far are that the above setup has the potential to get WAY too granular and unmanageable, and it breaks Mendix’s best practices.  Again I know this is vague and I can try to give more context if anyone needs any clarifying information – really looking for opinions on why you would or wouldn't take this approach. 

asked 2020-05-15

1 answers