Security Overview

Last modified: February 25, 2025

This feature was introduced in Mendix 10.18 and is currently in beta. For more information, see Beta and Experimental Releases.

Introduction

The Security Overview page provides you with an overview of your app’s security.

This overview can be used to review the security of your app. You can also export information from the page to an Excel file, for more details, see the Export To Excel section below.

Viewing the Security Overview

The Security Overview summarizes the app’s security for a selected user role. To view the information, perform the following steps:

Access the Security Overview page by opening the App menu, and then clicking Show Security Overview (Beta).
In the Show access for user role list, select the user role for which you want to view the security summary.
Optionally, select a module in the sidebar of the overview.

Selecting a module filters the content in the Entity access, Page access, Microflow access, and Nanoflow access tabs. The list of modules does not show the System module or any protected modules.

Security Overview Contents

The Security Overview page has the following tabs:

Entity access
Page access
Microflow access
Nanoflow access

Entity Access

The Entity Access tab shows a summarized view of the permissions that are applied during runtime for all entities in the selected module for each user role. This helps developers and reviewers easily understand what an end user can or cannot access within the application.

The Combined access rules column aggregates all access rules applicable to the selected user role, reflecting the runtime behaviour. This means that if any access rule grants access to that user, the user will have access. For example, if one access rule grants Read and Create access and another access rule grants ReadWrite access, the combined access is ReadWrite and Create. Multiple columns are shown for entities with XPath constraints. Access rules with the same XPath constraint are also combined here, so each XPath in this list is unique.

When the selected user role has no access to an attribute or an association, it is not shown in the table. If the selected user role has no access to an entity at all, the entity is not shown in the Security Overview.

Page Access

The Page Access tab lists the names of pages within the selected module that are visible to the selected user role.

Microflow Access

The Microflow Access tab lists the names of microflows within the selected module that can be executed by the selected user role.

Nanoflow Access

The Nanoflow Access tab lists the names of nanoflows within the selected module that can be executed by the selected user role.

Export To Excel

To export the Security Overview, click the Export to Excel button. This generates an Excel file in the selected directory, which contains the following three sheets:

Entity Access – This sheet contains the entity access rules data, including the following: a. User Role b. Module: The module containing the entity. c. Entity: The name of the entity. d. Member: The attribute or association name. e. Kind: Specifies whether the member is an association or an attribute. f. Type: The type of the member. g. XPath: The XPath constraint. h. XPath Caption: The XPath constraint caption, when set. i. Access: The access level (None, Read or ReadWrite).
Document Access – This sheet includes the accessible pages, microflows and nanoflows, including the following: a. Document type – The type of the accessible document (page, microflow, nanoflow). b. User Role c. Module: The module containing the the page, nanoflow, or microflow. d. Document: The name of the page, nanoflow, or microflow.
Module Roles – this sheet provides the mappings between user roles and module roles, including the following: a. User Role b. Module c. Module Role.