Node Permissions

Last modified: December 4, 2023

1 Introduction

Fine-grained access management for your Mendix Cloud environments is handled in the Permissions tab of your app’s Environments page.

On this tab, the Technical Contact and any team members with Manage Permissions enabled can manage various permissions to the environments for each team member.

Team members who have a role with Cloud Access can view the permissions. For more information, see App Roles.

2 Viewing Your Nodes

To find a list of all Mendix Cloud licensed nodes that you have access to, open the Global Navigation menu and click Deployment.

You will see a list of all your licensed nodes:

Licensed Mendix Cloud nodes

To go to the Environments page for the app that is deployed to a node, click Environments on that node.

3 Permissions

In the Permissions tab of the Environments page, you can manage access to your environments for each team member.

3.1 User Roles for Managing Permissions

The Technical Contact and any team members with Manage Permissions enabled can manage the permission settings for the cloud node.

Permissions are set independently for each environment. To choose the environment, use the drop-down list in the upper-right corner of the Permissions tab. Changing the permissions for a production environment requires two-factor authentication.

Team members with a user role that includes Cloud Access can view the permissions.

3.2 Accessing Node Permissions

To access the node permissions, do the following:

  1. Click Environments for your app.

  2. Switch to the Permissions tab.

  3. From the drop-down list in the upper-right corner, select the environment for which you want to change permissions.

  4. If prompted, complete two-factor authentication.

3.3 Permissions

The Technical Contact can enable and disable Manage Permissions for the other team members. Any team members with Manage Permissions enabled can set the following node permissions: Transport Rights, Access to Backups, Receive Alerts, API Rights, and Access to Monitoring.

Node permissions dashboard

3.3.1 Manage Permissions

Team members with Manage Permissions permissions can change the permissions granted to team members. Only the Technical Contact has this enabled by default.

3.3.2 Transport Rights

Team members with Transport Rights permissions can deploy new versions of the application to the node. They can also create new deployment packages, stop and start the environment, and change configuration settings such as constants and scheduled events.

For more information about deployment, see Mendix Cloud.

3.3.3 Access to Backups

Team members with Access to Backups permissions can access the backups of the environment. They can view, create, download, and restore backups.

For more information, see Backups.

3.3.4 Receive Alerts

Team members with Receive Alerts permissions will receive an email whenever an alert is triggered.

Alerts are triggered by any of the following circumstances:

  • The app goes offline unexpectedly
  • The application logs a message with level Critical
  • The health check fails
  • An infrastructure problem occurs

3.3.5 API Rights

Team members with API Rights permissions can use the Deploy API to get programmatic access to the environment.

Because the API does not require two-factor authentication, it is disabled for the production environment by default. The Technical Contact can assign API access for each user.

3.3.6 Access to Monitoring

Team members with Access to Monitoring permissions can view the application metrics, logs, and alerts in the Developer Portal. This allows them to successfully operate your Mendix Cloud environments.

For more information, see Metrics, Logs, and Alerts.

4 Downloading Node Permissions

You may want to have a complete list of node permissions for audit purposes. The Technical Contact can download a list of permissions as a CSV by clicking Download to CSV. This button is shown only to Technical Contacts.

The CSV file contains a list of environments, users, and their respective permissions.

In addition, all changes to node permissions are logged on the activity log.

5 The Technical Contact

A cloud node has a single Technical Contact. The Technical Contact manages the cloud node and can control whether the other team members have access to Manage Permissions.

The Technical Contact can give the Technical Contact role to another team member. To transfer the role from yourself to another user, click Change to Technical Contact under the other user’s name. Note that only one user at a time can be the Technical Contact.

For full details on this role, see the Technical Contact section of App Roles.

6 Read More