Node Permissions

Last modified: November 1, 2024

Introduction

Fine-grained access management for your Mendix Cloud environments is handled in the Permissions tab of your app’s Environments page.

On this tab, the Technical Contact and any team members with Manage Permissions enabled can manage various permissions to the environments for each team member.

Team members who have a role with Cloud Access can view the permissions. For more information, see App Roles.

Viewing Your Nodes

To find a list of all Mendix Cloud licensed nodes that you have access to, open the Global Navigation menu and click Deployment.

You will see a list of all your licensed nodes:

To go to the Environments page for the app that is deployed to a node, click Environments on that node.

Permissions

In the Permissions tab of the Environments page, you can manage access to your environments for each team member.

User Roles for Managing Permissions

The Technical Contact and any team members with Manage Permissions enabled can manage the permission settings for the cloud node.

Mendix Admins can manage permissions using the Deploy API v4. For more information, see Deploy API – Version 4.

Permissions are set independently for each environment. To choose the environment, use the drop-down list in the upper-right corner of the Permissions tab. Changing the permissions for a production environment requires two-factor authentication.

Team members with a user role that includes Cloud Access can view the permissions.

Team members with a user role that includes Cloud Access are listed in the Permissions tab. This tab also shows deactivated users who have been given these permissions, even though these users no longer have access to your project.

You can change user roles for team members in Team.

Accessing Node Permissions

To access the node permissions, do the following:

Click Environments for your app.
Switch to the Permissions tab.
From the drop-down list in the upper-right corner, select the environment for which you want to change permissions.
If prompted, complete two-factor authentication.

Permissions

The Technical Contact can enable and disable Manage Permissions for the other team members. Any team members with Manage Permissions enabled can set the following node permissions: Transport Rights, Access to Backups, API Rights, and Access to Monitoring.

Manage Permissions

Team members with Manage Permissions permissions can change the permissions granted to team members. Only the Technical Contact has this enabled by default.

Only the Technical Contact can grant this permission to other team members.

Transport Rights

Team members with Transport Rights permissions can deploy new versions of the application to the node. They can also create new deployment packages, stop and start the environment, and change configuration settings such as constants and scheduled events.

For more information about deployment, see Mendix Cloud.

Access to Backups

Team members with Access to Backups permissions can access the backups of the environment. They can view, create, download, and restore backups.

For more information, see Backups.

API Rights

Team members with API Rights permissions can use the Deploy API to get programmatic access to the environment.

Because the API does not require two-factor authentication, it is disabled for the production environment by default. The Technical Contact can assign API access for each user.

Other permissions are needed in addition to API Rights. For example, to access backups via the API, you need Access to Backups in addition to API Rights.

Access to Monitoring

Team members with Access to Monitoring permissions can view the application metrics, logs, and alerts in Apps. This allows them to successfully operate your Mendix Cloud environments.

For more information, see Metrics, Logs, and Alerts.

Downloading Node Permissions

You may want to have a complete list of node permissions for audit purposes. The Technical Contact can download a list of permissions as a CSV by clicking Download to CSV. This button is shown only to Technical Contacts.

The CSV file contains a list of environments, users, and their respective permissions.

In addition, all changes to node permissions are logged on the activity log.

The Technical Contact

A cloud node has a single Technical Contact. The Technical Contact manages the cloud node and can control whether the other team members have access to Manage Permissions.

The Technical Contact can give the Technical Contact role to another team member. To transfer the role from yourself to another user, click Change to Technical Contact under the other user’s name. Note that only one user at a time can be the Technical Contact.

For full details on this role, see the Technical Contact section of App Roles.

Mendix Admins can also give the Technical Contact role to another team member using the Deploy API v4. For more information, see Deploy API – Version 4.

Licensing Mendix Cloud Apps

Node Permissions

Introduction

Viewing Your Nodes

Permissions

User Roles for Managing Permissions

Accessing Node Permissions

Permissions

Manage Permissions

Transport Rights

Access to Backups

API Rights

Access to Monitoring

Downloading Node Permissions

The Technical Contact

Read More

Feedback