Non-persistable entity contains access rules restricting members to have no access rights, which is not allowed (Mx6->Mx7 update)

1
Hi all, I am upgrading apps from Mendix 6.9.1 to Mendix 7.21.0 and I am encoutering a lot of errors of the same type, namely: 'Non-persistable entity contains access rules restricting members to have no access rights, which is not allowed'. To my understanding this is caused by Mendix 7 handling non-persistable entities differently between client and server compared to previous versions. I can simply fix the issues by allowing the concerning members read access to all the attributes, but I don't really want to do that, because programmers before me have deliberately chosen not to grant access to those attributes.  I assume some of you also came across this issue, how did you handle this?     Regards (and merry Christmas :),   Martin 
asked
2 answers
1

Mx7 is more strict with the security rules. But since these are non persistent entitties and assuming they have no reference with the session of that user I would just give read access to those entities. I would not worry much about the deliberately chosen not to give access part. It might just as easily be that they have forgotten and since it worked nobody ever thought about them again.

Regards,

Ronald

answered
0

Hello Martin,

I am doing now the same thing – updating the app from 6 to 7 – and ran into the same errors. :)

From the mendix docs, section 4.3 explains this breaking change:
https://docs.mendix.com/refguide/moving-from-6-to-7#4-3-npe-attribute-level-security
Their recommendation is to use “ A separate object (which is not sent to the client at all) … for these attributes instead. “

answered