How to apply XPath to restrict access via unrelated entities?
I am trying to implement a generic security policy. I see the policy as a set of key/value attributes associated with the user. I should then apply logic to limit user access to various entities.

In the example below I created a simple entity for customers which operate in different operating units (countries) and assigned security attributes to various users. In the screenshots below the user demo_user_eu should have access only to customers with OperatingUnit = ‘EU’, user demo_user_us should have access only to customers with OperatingUnit = ‘US’, and demo_user_global should have access to customers where OperatingUnit is in ‘EU’ or ‘US’.

Since there is no relationship between the entities, how can I implement the logic in XPath at Customer entity level? If this is not possible, can I somehow implement an ‘in’ operation via a microflow? For example, I extract all securing attributes of key ‘OperatingUnit’ for the current user and then somehow select all customers where the operating unit is ‘in’ the previously extracted list. Thank you for your help.
The way you could solve this requirement is to associate your security attribute entity with the customer and the user. If you restrict the selection of the security attribute on the customer based on the enumeration in the security entity, only those keys can be selected for the Customer entity. When this is set up, there would be no need to set complex XPath queries in your microflows, but you need to set this up in the entity access XPath tab of your entity and make sure your microflows have the option "Apply entity access" set to true. See https://docs.mendix.com/refguide/access-rules for details.
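
The association-based rule suggested in the answer above, modelled in plain Python as an added example (not code from the thread or from Mendix). The entity and association names, the XPath in the comment and the customer records are assumptions made for illustration; the three users are the ones named in the question.

```python
# Added illustration: a plain-Python model of the association-based access rule.
# All entity and association names are hypothetical; in Mendix the rule would be
# an entity-access XPath constraint on Customer along the lines of
#   [MyModule.Customer_SecurityAttribute/MyModule.SecurityAttribute
#        /MyModule.SecurityAttribute_User = '[%CurrentUser%]']
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SecurityAttribute:
    key: str
    value: str


@dataclass
class User:
    name: str
    attributes: set = field(default_factory=set)  # models SecurityAttribute_User


@dataclass
class Customer:
    name: str
    attribute: SecurityAttribute  # models Customer_SecurityAttribute


def retrieve_customers(customers, user, apply_entity_access=True):
    """Model a microflow retrieve of Customer on behalf of `user`."""
    if not apply_entity_access:
        # With "Apply entity access" off, the access rule is never evaluated.
        return [c.name for c in customers]
    # Following the association gives the 'in' semantics without an IN operator:
    # a customer is visible only if its attribute is one the user is linked to.
    return [c.name for c in customers if c.attribute in user.attributes]


# Constructed sample data for the three users described in the question.
EU = SecurityAttribute("OperatingUnit", "EU")
US = SecurityAttribute("OperatingUnit", "US")
CUSTOMERS = [Customer("Acme GmbH", EU), Customer("Acme Inc", US),
             Customer("Globex BV", EU)]
USERS = {
    "demo_user_eu": User("demo_user_eu", {EU}),
    "demo_user_us": User("demo_user_us", {US}),
    "demo_user_global": User("demo_user_global", {EU, US}),
}

if __name__ == "__main__":
    for name, user in USERS.items():
        print(name, retrieve_customers(CUSTOMERS, user))
```

A user with no linked security attribute sees no customers in this model, and a retrieve with entity access switched off returns every customer regardless of the user.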