Access rule Xpath Constraints and generalization of an object

2
On which object should I use a access rule Xpath constraint if i am using generalization? Example 1: Original object = Object1 and generalization of object1 = object2 When I use a constraint on object1 (Path to user) I am still able to read all rows within that object1 Example 2: If I use a constraint on Object2 (Path to user) I am able to read only the rows in Object2 that belongs to that specific user. When I try to read the original object Object1 I am able to read all rows! How can this be done?
asked
1 answers
0

Security rules do not follow inheritance, so you should set the access rules on both entities if you want to constrain access to both entities.

If you show objects in a grid that shows a generalization entity, those objects will still have the security rules for their specific type applied. This is what's happening in your example 2.

In your example 1 I'm not sure I understand exactly what you're doing. I read it as: you have an entity 'object2' and an entity 'object1', which has 'object2' as a generalization. You put a constraint on object1, and now you are still able to see all objects of type object1? If you are really sure that the objects you are viewing are really of type object1, and not object2, then that sounds like a bug. I just tested this case and it works fine in Mendix 5.4.0, so if you can reproduce this please file a ticket including test project.

answered