Entity Access by Attribute of different Entity

Hi all, I have a question which shouldn´t be too extraordinary but I couldn´t find anything. In my project, I want to store information about which data is accessible to each user in their respective account objects. For this I extended Administration.Account in my Domain Model and added an attribute for said information. Now I want to restrict the relevant entities and cannot find a solution on how to reference the account entity in the xpath expression. I am quite new to the whole Mendix environment and after some time playing around only get errors “no viable alternative at input ‘MyAccount’” when trying to bring the information into the expression. It seems to me, that the expression editor just won´t recognize any entities other than the one to restrict. If I was not clear enough please don’t hesitate to ask for clarification. Thank you very much in advance!
4 answers

I order to access the Account entity, you will need to create an association between the account entity and all other entities where you want to create the access rules. Once the entity has an association, you will be able to access the same in the XPath


Do you want to restrict access to the account entity or data of another entity?

The account entity data is already constraint with: [id='[%CurrentUser%]']


If you want to constrain other data for example; only access to MY OWN orders, you need have 2 options

  1. Path to owner. By enabling owner, and adding a constraint. Owner identifies account who created the order object


  1. By reference;
    Add a reference between Order and account

    Add XPath constraint on Order access rule, with path to user

I’ve created a specific entity for the tenancy in my project.
That entity is associated with the account extension and all the other main entities.

Let’s say that an account is associated to a specific department, and the department is associated with specific Customers.
The access rule xpath in Customer entity would be:

Customer_Department/Department/Department_Account = [%CurrentUser%]


If you have a sub entity, you can use the main entity for access rule:

Order_Customer/Customer/Customer_Department/Department/Department_Account = [%CurrentUser%]


This way the account will get the data associated to the specific department.
You can also associate multiple departments to the account.



I found a workaround:
Associated the relevant entity to the new account entity and went the whole way around from the to-be-restricted entity over the key entity to the account entity and comparing its id to ‘[%CurrentUser%]’