Security, Roles & Permissions


1 Introduction

Security is a way of controlling access to your app. For example, you can decide who can access your app.

Roles and Permissions are an important part of security – an instrument which you can use to restrict or grant access to different parts of your app, such as pages and microflows.

2 Enabling Security

Whether security is enabled for your app by default depends on the app's type and version. You can come across the following cases:

  1. If your app has been created in the Developer Portal with Mendix version 7.23.3 or above, you can enable security in Studio and view and edit roles and permissions. For more information on versions, see Web Modeler Version & Mendix Version Correlation.

  2. If your app has been created in the Developer Portal with Mendix version below 7.23.3, or has been labelled as private content, or has been customized by your team specifically for your company, the security state depends on Studio Pro:
    a. If security is off in Studio Pro, then you can enable security in Studio. In this case, when you try to publish the app, you will be prompted to enable security.

    Secure Your App Pop-up Window

    b. If security is set to the Prototype/demo or Production level in Studio Pro and settings are compatible with Studio, you can view and edit Roles and Permissions in Studio. (For more information on what security settings are compatible with Studio, see the Studio Compatibility section in Model Changes When Security Is Enabled in Studio.)

    c. If security is set to the Prototype/demo or Production level in Studio Pro and settings are not compatible with Studio, you can view (not edit) Roles and Permissions in Studio. (For more information on security settings compatible with Studio, see the Studio Compatibility section in Model Changes When Security Is Enabled in Studio.)

If you need to enable security, do one of the following:

  • Click Enable Security in the above-mentioned pop-up dialog, and security will be set up automatically for you. After that you can restrict or grant access to your app via Roles and Permissions.

  • Open App Settings > Roles and Permissions and click Enable Security.

    The Roles and Permissions Screen

3 Roles and Permissions

A role is a set of permissions that you can assign to a user. For example, you may want to give the Administrator full access to all pages and microflows, while for other users you may choose to grant access only to certain pages and restrict access to microflows.

In apps created via the Developer Portal, there are two app roles:

  • Administrator
  • User

For more information on managing app users, see the Managing App Users section.

The Roles and Permissions screen consists of three tabs:

  • Roles
  • Page Access
  • Microflow Access

The Roles tab lists all roles and indicates the number of pages and microflows these roles can access.

The Page Access and Microflow Access tabs contain a table where all pages/microflows are listed in rows, and all roles are placed in columns. You can decide which pages and microflows a particular role can access: tick/untick the box per document to grant/restrict access for it. To select/deselect all documents, click the More Options icon next to the user role.

As a result, you will get a matrix specific for each role.

The Page Access Tab Example

3.1 Creating a New Role

To create a new app role, do the following:

  1. Open Roles and Permissions > the Roles tab.

  2. Click Add Role in the right corner.

  3. Specify the name of the new role in the Create Role dialog window and click Create.

    Create Role Dialog Box

The new role is created.

3.2 Editing Existing Roles

To edit an existing role, do the following:

  1. Open Roles and Permissions > the Roles tab.

  2. Click the More Options icon and select Edit.

  3. In the Edit Role pop-up dialog perform the changes, and click Save.

The role has been edited.

3.3 Deleting Roles

To delete an existing role, do the following:

  1. Open Roles and Permissions > the Roles tab.

  2. Click the More Options icon and select Delete.

  3. Confirm the deletion in the pop-up dialog.

The role has been deleted.

3.4 Setting Access to Specific Pages/Microflows

There are two ways to set access for specific pages/microflows in your app:

  1. To set access via Roles and Permissions, do the following:
    1.1 Open Roles and Permissions > Page/Microflow Access tab.
    1.2 Find the user role in the column and tick the box next to a page/microflow to grant access to it, or untick the box to restrict access. In the example below, we have restricted page access for the User.

  2. To set access for a page/microflow via the properties of this page/microflow, do the following:
    2.1 Open the page/microflow.
    2.2 Go to Properties > the Permissions section and tick/untick Allowed Roles to grant/restrict access.

4 Demo Users

Demo users are a demonstration of each user role existing in your app. You can use demo users to review what your app looks like for each user role. For more technical information, see Demo Users.

4.1 Testing Your Roles

You can test what your app looks like for different roles in the following way:

  1. Preview your app.

  2. Select the Responsive view mode.

  3. Click a user icon on the right-hand side of the screen.

  4. In the displayed menu bar, select a demo user and the app will be viewed from the perspective of the corresponding role.

5 Managing App Users

The default user roles or user roles that you have created can be assigned to Mendix accounts. Accounts that have user roles assigned to them are App Users.

To manage app users, open Roles and Permissions and click Manage Users in the top-right of the screen.

You will be navigated to the Developer Portal > General > App User Management, where you can invite people to your app, edit app roles assigned to them, or delete them from app users.

If you have created a new role, you need to publish the app first to be able to see and assign this role in the Developer Portal.
