Hi all! I have a multi-tenant application with:

- Organization
- User (Generalization System.User)
- Organization 1-* User

User roles:

- Administrator (for all applications)
- Manager (for admin rights of one organization)
- User

In the entity access of User I have for the Manager:

[Users.User_Organization/Organizations.Organization/Users.User_Organization/Users ='[%CurrentUser%]']

(so he can see all the users of his own organization)

My problem now is that in my User_Overview page, all users are shown. Not the fields from the User entity, only the fields from the System.User entity. If I remove the System.User fields, empty rows are shown. Is there any solution to make a multi-tenant application secure with Entity Access?
User management for multi-tenant applications is an annoying issue in Mendix. My best solution is to never manage Users (or Accounts) directly. I usually model that a Tenant has multiple Persons, and a Person has one Account. Accounts are only managed through microflows. Everything an administrator can do is restricted to Persons. Persons do behave nicely with Entity Access rules.
In such a scenario, if you still want to manage the user roles of a person, you can add a many to many association between Person and UserRole, and then copy those user roles to the Account by using a microflow.
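The Tenant / Person / Account pattern from the answer above, modelled in Python as an added example (not code from the thread and not Mendix code). It assumes the role-copy microflow runs with broader rights than the calling Manager and therefore has to check the tenant and the granted roles itself; the names `sync_roles`, `visible_persons` and `GRANTABLE_BY_MANAGER` and the sample data are hypothetical.

```python
from dataclasses import dataclass, field

# Assumption: a Manager may hand out these roles but never "Administrator".
GRANTABLE_BY_MANAGER = {"Manager", "User"}

@dataclass
class Account:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class Person:
    tenant: str
    account: Account
    roles: set = field(default_factory=set)  # stands in for the Person-UserRole association

def visible_persons(actor, persons):
    """Entity-access equivalent: only Persons of the actor's own Tenant are returned."""
    return [p for p in persons if p.tenant == actor.tenant]

def sync_roles(actor, target):
    """Stand-in for the microflow that copies a Person's roles to its Account."""
    if "Manager" not in actor.account.roles:
        raise PermissionError("actor is not a Manager")
    if target.tenant != actor.tenant:
        raise PermissionError("target belongs to another tenant")
    forbidden = target.roles - GRANTABLE_BY_MANAGER
    if forbidden:
        raise PermissionError(f"roles not grantable by a Manager: {sorted(forbidden)}")
    target.account.roles = set(target.roles)

def attempt(actor, target):
    """Run sync_roles and report the outcome as a string."""
    try:
        sync_roles(actor, target)
        return "ok"
    except PermissionError as exc:
        return str(exc)

def build_sample():
    """Constructed sample data: two tenants, one Manager."""
    mgr = Person("acme", Account("alice", {"Manager"}), {"Manager"})
    bob = Person("acme", Account("bob", {"User"}), {"User"})
    eve = Person("globex", Account("eve", {"User"}), {"User"})
    return mgr, bob, eve

if __name__ == "__main__":
    mgr, bob, eve = build_sample()
    print([p.account.name for p in visible_persons(mgr, [mgr, bob, eve])])
    bob.roles = {"Manager"}
    print(attempt(mgr, bob), bob.account.roles)
    eve.roles = {"Manager"}
    print(attempt(mgr, eve), eve.account.roles)
```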