Question

Make a page only accessible to a user with multiple roles

0

Hi there, I’m creating an app with two different role types. One that corresponds with the facility a user is working in and one that corresponds with certain data they’re allowed to access. The app manages different types of data, that are specific to a certain facility. A user is assinged a role for their facility and one or multiple roles for the data they’re allowed to see. As an example. A user working in facility A ist allowed to see data A and B of that facility but not data C. The user is not allowed to see any data of facility B. The roles assigned to that user are facility A and data A, B. Is there a way to make data A of facility A only accessible, if a user has both the role of facility A and data A? Thanks alot in advance!

asked 2020-10-21

Cecil Wiest

2 answers

Rene van Hofwegen · Answer 1 · 2020-11-09

That can be achieved pretty easy within Mendix.

Though is captured in a different way than your approached. Its not depending on two different roles and the combination with data. But is should be captured in a single role with the right data structure.

You should have a datastructure/domain model in place which matches the idea of this domain model

A facility, with data referencing that Facility. I added a single entity, but that could be also attributes inside the entity Facility and or many other entities related to the Facility.

The User is assigned one or more Facilities using a association

On security level; you can add a module role facility manager with access to all dat if it matches the constraint:

[UserAccess.Facility_Account='[%CurrentUser%]']

In this scenario a user can only access the facility data if it associated with the account of the logged in user

Johan Flikweert · Answer 2 · 2020-11-09

Hi Cecil,

I do not completely follow your question, but in general: you could create a (non-persistent) helper entity to manage some more advanced visibilities based on both data access and your role.

Create for example an entity “VisibilityHelper” having an boolean attribute “Show”. Create an object using a datasource microflow having your custom logic and use this on your page inside a dataview. Put the button you want to give conditional visibility inside this dataview and select the conditional visibility and set it on the Show boolean.

Hopefully this helps a bit!

Kind regards,

Johan