Question

How to write entity access rules for hierarchical access

0

I have added an attribute “manager” to the Mendix Account Entity. For every employee I know the manager, the manager of the manager, the manager of this manager, and so on. When an employee creates a request (expense note) it shoud be visible to the employee, the manager of the employee, the manager of this manager, and so on. My question: how to write an entity access rule ? If not possible how to implement this kind of security in another way. Thanks !

asked 2021-01-13

Wim Stevens

2 answers

Ronald Catersels · Answer 1 · 2021-01-13

I would create a reference for this. Let's call it read rights. When creating the object use a microflow to retrieve all the hierarichical managers and set a reference to this request. In the entity access you can then create a rule that the current user should be part of this reference. Then only the persons that has this reference set can access this request.

Regards,

Ronald

Tim v Steenbergen · Answer 2 · 2021-01-13

Contemplate this: the manager is always there, even if the person that is the current manager leaves. Even if the position stays vacant for a while, the position of manager stays. So create an entity for that position say 'ManagingAccount' with a 1-1 reference to Account calling it 'Account_is_ManagingAccount', and give it another reference ( 1-* ) to Account calling it 'ManagingAccount_Of_Account'. When a manager leaves, this will cause no hassle and no recalculations.