Hi, I am using ‘FileManager’ module for uploading/downloading module. It works fine. When I download file, I can inspect in Networks tab and get the file id as: https://applicationurl.com/file?guid=guidIdofthefileobject Anyone having this link is able to access the file. I would like to restrict this kind of access to specific roles in the application. Best would be if direct access like this can be restricted for everyone. Users should login to the system, and download files only through the File Manager module that is integrated within the application. They should not be able to access the file directly through url. Does anyone have any idea about such a restriction? Thanks, Gaurish
You are right about the constructed URL, that will be in that format.
However, Mendix will check your session and your access rights before the file is downloaded. For example: if the downloaded file is of the type “EmailTemplate.Attachment”, it will check if the entity access on that entity grants you the rights to view the content (see access rules in screenshot below).
When running locally, you should set the security on Production to have this restriction in place.