Fine-grained access management for your Mendix Cloud environments is handled in the Permissions tab of the Environments page for your app.
Here, the Technical Contact can manage various permissions to the environments for each team member.
Each team member can subscribe to, or unsubscribe from, the alerts,
See App Roles to learn more about the roles of team members.
2 Viewing Your Nodes
To find a list of all the Mendix Cloud nodes to which you have access, click the Switch-to menu in the Developer Portal and choose Cloud.
You will see a list of all your nodes:
Clicking Environments will take you to the Environments page for the app that is deployed to this node.
Permissions allow you to give specific access to your environments to individual members of a team.
3.1 User Roles for Managing Permissions
Only users with the Technical Contact role or team members specifically allowed to Manage Permissions can manage the permission settings for the cloud node.
The permissions are set independently for each environment. You can choose the environment at the top of the Permissions tab. Changing the permissions for a production environment will require two-factor authentication (see Two-Factor Authentication).
Only team members who have permission to Deploy, Publish, and Monitor can view the permissions.
Note that only team members with a user role which includes permission to Deploy, Publish, and Monitor the app will be listed in the Node Permissions tab.
You can change permissions for team members in Team.
3.3 Accessing Node Permissions
To access the node permissions, do the following:
Click Environments for your app.
Open the Permissions tab.
Select the environment for which you want to change permissions from the drop-down.
Complete two-factor authentication, if required for the selected environment.
The Technical Contact and team members specifically allowed to Manage Permissions can set the following node permissions.
3.4.1 Manage Permissions
With Manage Permissions, team members other than the Technical Contact can change the permissions granted to team members.
Only the Technical Contact can grant this permission to other team members.
3.4.2 Transport Rights
With Transport Rights you can deploy new versions of the application to the node. You can also create new deployment packages, stop and start the environment, and change configuration settings such as constants and scheduled events.
For more information about deployment, see Mendix Cloud.
3.4.3 Access to Backups
For more information, see Backups.
3.4.4 Receive Alerts
When Receives Alerts is checked, this user will receive an email when an alert is triggered.
Alerts are triggered by any of the following circumstances:
- the app goes offline unexpectedly
- the application logs a message with level Critical
- the health check fails
- one of a number of infrastructure problems occurs
3.4.5 API Rights
With API rights, you can use the Deploy API to get programmatic access to the environment.
As the API does not require two-factor authentication, it is disabled for the production environment by default. The Technical Contact can assign API access for each user.
Other permissions are needed in addition to API Rights.
For example, to access backups via the API you need Access to Backups in addition to API Rights.
3.4.6 Access to Monitoring
With the Access to Monitoring permission, you can view the application metrics, logs, and alerts in the Developer Portal. This allows you to successfully operate your Mendix Cloud environments.
4 Downloading Node Permissions
You may want to have a complete list of node permissions for audit purposes. The Technical Contact can download a list of permissions as a CSV by clicking the Download to CSV button. This button is only shown to Technical Contacts.
The CSV file will contain a list of environments, users, and their respective permissions.
5 Technical Contact
A cloud node has a single Technical Contact. They manage the cloud node and can edit the privileges of regular team members.
The Technical Contact can give the technical contact role to another team member. Click Change to Technical Contact under the user who should be the new Technical Contact. After this, the new user has the Technical Contact role, the old user does not.
For full details on this role, see the Technical Contact section of App Roles.