Security User management

Hello,

In my app I have a role SpecificUser. I have an entity A with an association to the entity Account. In a process, a user with the role SpecificUser has to link the entity A to another Account.

I noticed in the security of my project, in the user management (of the user role “SpecificUser”), that I need to check that this user role “SpecificUser” can manage other users to make my process work (when I display the account).

When I do that, does it create a security issue? Does that mean that a user with the user role “SpecificUser” can create, modify, etc. other users?

Thanks
1 answers

Yes, it does have an impact on the security of the app.

Using the Account entity as process data isn’t advised. This learning path explains why, and how to do it properly:

https://academy.mendix.com/link/module/37/lecture/338/4.1-Account-User-Role-Management 

good luck, rene
