Node Permissions

Last update: Edit

1 Introduction

Fine-grained access management for your Mendix Cloud environments is handled in the Permissions tab of the Environments page for your app.

Here, the Technical Contact can manage various permissions to the environments for each team member.

Each team member can subscribe to, or unsubscribe from, the alerts,

See App Roles to learn more about the roles of team members.

2 Viewing Your Nodes

To find a list of all the Mendix Cloud nodes to which you have access, click the Switch-to menu in the Developer Portal and choose Cloud.

Licensed Mendix Cloud nodes

You will see a list of all your nodes:

Licensed Mendix Cloud nodes

Clicking Environments will take you to the Environments page for the app that is deployed to this node.

3 Permissions

Permissions allow you to give specific access to your environments to individual members of a team.

3.1 User Roles for Managing Permissions

Only users with the Technical Contact role or team members specifically allowed to Manage Permissions can manage the permission settings for the cloud node.

The permissions are set independently for each environment. You can choose the environment at the top of the Permissions tab. Changing the permissions for a production environment will require two-factor authentication (see Two-Factor Authentication).

Only team members who have permission to Deploy, Publish, and Monitor can view the permissions.

3.3 Accessing Node Permissions

To access the node permissions, do the following:

  1. Click Environments for your app.

  2. Open the Permissions tab.

  1. Select the environment for which you want to change permissions from the drop-down.

  2. Complete two-factor authentication, if required for the selected environment.

3.4 Permissions

The Technical Contact and team members specifically allowed to Manage Permissions can set the following node permissions.

3.4.1 Manage Permissions

With Manage Permissions, team members other than the Technical Contact can change the permissions granted to team members.

3.4.2 Transport Rights

With Transport Rights you can deploy new versions of the application to the node. You can also create new deployment packages, stop and start the environment, and change configuration settings such as constants and scheduled events.

For more information about deployment, see Mendix Cloud.

3.4.3 Access to Backups

The Access to Backups permission grants access to the backups of the environment. You can view, create, download, and restore backups.

For more information, see Backups.

3.4.4 Receive Alerts

When Receives Alerts is checked, this user will receive an email when an alert is triggered.

Alerts are triggered by any of the following circumstances:

  • the app goes offline unexpectedly
  • the application logs a message with level Critical
  • the health check fails
  • one of a number of infrastructure problems occurs

3.4.5 API Rights

With API rights, you can use the Deploy API to get programmatic access to the environment.

As the API does not require two-factor authentication, it is disabled for the production environment by default. The Technical Contact can assign API access for each user.

3.4.6 Access to Monitoring

With the Access to Monitoring permission, you can view the application metrics, logs, and alerts in the Developer Portal. This allows you to successfully operate your Mendix Cloud environments.

For more information, see Metrics, Logs, and Alerts.

4 Downloading Node Permissions

You may want to have a complete list of node permissions for audit purposes. The Technical Contact can download a list of permissions as a CSV by clicking the Download to CSV button. This button is only shown to Technical Contacts.

The CSV file will contain a list of environments, users, and their respective permissions.

5 Technical Contact

A cloud node has a single Technical Contact. They manage the cloud node and can edit the privileges of regular team members.

The Technical Contact can give the technical contact role to another team member. Click Change to Technical Contact under the user who should be the new Technical Contact. After this, the new user has the Technical Contact role, the old user does not.

For full details on this role, see the Technical Contact section of App Roles.