security apply entity access

0
Hi, Can someone tell me more about the security in mendix concerning the “apply entity access in a microflow”?   Let say i have a id_value (string) attribute, that I generate through my microflow when i user create that object, a put the wrighting access to no to that attribute for every user, because it is not a data that i want an user to determine or change, but when I apply entity access to true in my microflow, A security error appear.  What is the best practice? desactivate the apply entity access? allow the wrighting of that attribute to an user? the best would be to have this two method activated i guess, maybe there a way to do it?   theoretically setting the security access to false mean that an user can change the data even if he does not have the proper right in the entity access rules?   Thank you
asked
1 answers
3

When you change objects in a microflow. you do this as 'system’ instead of using the actual account's access rules as stated in the entity access rules.

if you DO want to have the flows respect those access rules that you set in your domain model, then you can use ‘Apply Entity Access’. (every subflow will have to adhere to this as well)

https://docs.mendix.com/refguide/microflow#5-security-properties

In general, ‘Apply Entity Access’ is not used all that often. There are good usecases for it. But your main bet is to just make sure that your microflow is not setting values that you dont want to set.

In this case, you want to generate the attribute, and not have a user be able to edit it.
Then all you need is a microflow to set the attribute and an access rule for the specific userrole to view the attribute on a page etc.

answered