Question

Give read access to member Name of object System.UserRole to role User

0

Hi, I am trying to display the list of roles as a dropdown in a reference selector. I want the user to be able to select any one role from the list. But when trying to display the list to User, it gives the following error. com.mendix.core.objectmanagement.SecurityRuntimeException: Read access denied for member 'Name' of object 'System.UserRole' I tried to give read access to all users for this attribute but the domain model of System module is not editable. How can I give read access to all users for this attribute? Thank

asked 2021-12-22

Shardul Silswal

1 answers

Rene van Hofwegen · Answer 1 · 2021-12-22

Euh.... so you want to allow an user to change its own role. Nice security feature.

As you might grab from above, thats a really bad idea.

1. You cannot change the security access Rules in the system module ( its for a reason;-) )

2. You can assign a userrole to "manage users with at least the following roles" this will allow a user to use, select and manage that role(s) <my advise, don't use it

So basically; rethink the needs of the app

//Edit

You want that users can filter certain type of users.

My advise is to NOT use the User and/or Account entity for the other then account handling/login of users. All process details of an app user should be stored in a separated entity, with a 1-1 reference to the Account entity.

For example you have a list of employees using the app. User contains their Username, password and reference to a role. This is ONLY for authentication when accessing the application. The employee details used in the app, such as full name, function, email address etc. should be part of the entity Employee, which has a reference to the account entity.