apply entity access not doing what expected

1
Hey,   I used a data grid with a Microflow as data source. Let’s call the Microflow “DS_get_values”. It has “apply entity access” disabled and does not do any further checks.   However, it seems to apply the xpath constraints nonetheless.   Looking at the traffic it seems that the guid of the non-readable object can be fetched, however, the attributes cannot.      Is that intended behaviour? I would suspect that if entity access is not enforced the microflow should be able to fetch all entries without any restrictions, since it says “entity access” not “member access”.    Or do I miss something?   Thank you in advance
asked
2 answers
1

apply entity access Y/N only affects if access rules are evaluated IN the microflow, executed on the application server.

The moment you send data from a microflow to the client, entity access rules will be applied and thus objects the users doesn't have access to, will be excluded.

 

TLDR; this is expected behavior. And luckily it does work like this, otherwise you would be able to read data your aren't allowed to. 

answered
0

Hi Torsten Bert,

                             In Mendix all the external data’s are added as Mendix object attributes through a structure. That structure is a entity which includes all needed attribute to DB. To access the data , the created useroles must be authorized to access those data where it is about Read or write/creating or retrieving Mendix objects.  The created roles must have access right to both data source (DB) and operation(maybe microflow). I hope it helps. 

answered