I have a multi-tenant app in 5.2 with a domain model that includes the following entities:

- Client (these are the 'tenants' in the application)
- Users (associated with one Client)
- Division (access rules limit Client users to seeing only those Divisions that are associated with the Client they are associated with)
- LaborType (also associated with Client, associated with Division as well)

In a simple New Edit page for LaborType, when I place a reference selector for Division on that page, Client Users see Divisions in that Reference selector for all Clients, not just their client. I have been putting XPath constraints or using constrained by to limit visibility for users to only those Divisions associated with the Client that they are associated with. Should Mendix limit visibility without me having to use XPath or Constrained By? Am I missing something basic in my application setup?
Do you have a page as a reference selector? In that case you probably have a warning in your consistency checks, saying something like 'Property 'XPath constraint' on the data grid of the select page has no effect when the page is used for selecting. Instead, the selection constraints properties of the reference selector can be used to constrain the selectable objects.'.
Note that setting an XPath constraint on a page is NOT the same as security. Security is defined in a domain model; you can ALWAYS get around page settings if you know the client/server API.
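The distinction made in the last reply, as an added example that is not part of the original thread and is not Mendix code: a simplified Python model of a retrieve handler that trusts a filter carried in the request (the page-level constraint) beside one that derives the tenant rule from the session (the domain-model access rule). The function names, users and divisions are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Division:
    name: str
    client: str  # owning tenant (the Division -> Client association)


# Constructed sample data: two tenants, three divisions.
DIVISIONS = [
    Division("North", "acme"),
    Division("South", "acme"),
    Division("West", "globex"),
]
USER_CLIENT = {"alice": "acme", "bob": "globex"}  # User -> Client association


def matches(division, constraint):
    """Apply a {'client': value} filter; an empty constraint matches everything."""
    return all(getattr(division, k) == v for k, v in constraint.items())


def retrieve_page_constrained(session_user, constraint):
    """Page-level model: the filter arrives with the request, so the server
    applies only what the caller chose to send. session_user is ignored."""
    return [d for d in DIVISIONS if matches(d, constraint)]


def retrieve_with_entity_access(session_user, constraint):
    """Domain-model rule: the tenant check is derived from the authenticated
    session and ANDed with the request filter, which can narrow, never widen."""
    tenant = USER_CLIENT[session_user]
    return [d for d in DIVISIONS if d.client == tenant and matches(d, constraint)]


def names(divisions):
    return sorted(d.name for d in divisions)


if __name__ == "__main__":
    # Request as the page would send it, then the same call with the filter omitted.
    print(names(retrieve_page_constrained("alice", {"client": "acme"})))
    print(names(retrieve_page_constrained("alice", {})))
    # Server-side rule: result is the same whatever the request carries.
    print(names(retrieve_with_entity_access("alice", {})))
    print(names(retrieve_with_entity_access("alice", {"client": "globex"})))
```
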