How does Mendix handle and check module roles for entity access?
Hi, I have a multi-tenant like system where admin users can set rights on the users beneath that admin. https://appstore.home.mendix.com/link/app/80498/ The optimal plan is to let the admin select roles for each user based on a sub-set of all roles. The sub-set is chosen by back office administration. I saw that Stefan asked a similar question a while ago, https://forum.mendix.com/link/questions/87253, but it did not get any answer I could understand or use. How does Mendix handle a lot of user roles and the possibility of having overlapping module roles? Are all module roles fetched and stored somewhere for easy access checking against Xpaths for entity access or does it go through each user role every time? What is best from a performance perspective and why: Unique sets of module roles creating a user role. Each user role has a lot of module roles and each user having a few user roles Each user role only having a few module roles and each user having a lot of user roles Kind Regards Johan Edit: Both Ronald ans Stefan i correct depending on your needs and the situation. I will give the correct answer to Stefan since he has the least points and that we probably need to go with option 2 because of the needs of the admin users.
We went for option 2 eventually.
Main advantage is that we can easily add/remove certain authorizations on users. This will result in more user roles, but if you name them nicely to their function, it will be workable.
This suited our company the best, because a lot of functions overlap.
I would go for option 1. Option 2 can get really complicated real fast. Always try to have as little user roles because that makes the modeler life more easy. With stacking user roles it will hard to debug why a user is seeing / not seeing something in your form.