Question

Microflow access to non-persistent entity with private data (no access rights)

0

We have some fields in our datamodel that can never be read by the user. This data is retrieved from another system before opening the page and we want to use this data in a microflow directly after the page. What is the best way of keeping this data? We created a non-persistent object with the private fields, that is separate from the main object, but connected via association. The problem is that we cannot seem to retrieve this object by microflow without adding ‘read’ access rights for the user. This is exactly what we don't want since this is private data. We don't persist any data in the app. Thanks in advance!

asked 2019-06-17

Bert Hoogeboom

2 answers

Dragos Vrabie · Answer 1 · 2019-06-17

Hello Bert,

If you want the client side to not have any access at all to the data you would have to keep it in a persistent object as all NPOs get held in the client-side memory, if I remember this correctly, therefore a user could acquire it through the client API.

Personally I would retrieve the data when needed if this is possible to avoid extra handling.

If that’s not an option and you want to minimise data storage you could keep it in a persistent object associated to your main object. You’d then want to perform some form of cleanup to ensure you’re not storing it indefinitely.

Hope this helps

Tim v Steenbergen · Answer 2 · 2019-06-17

Well, the data is appareantly available on the external system, so I guess the most safe option is to not store this private information at all in your own application. Just retrieve it again once you need this in the next microflow.

And keep in mind that Dragos is correct: if you open the page, check the data that is handed to the client. You might want to do a ‘Delete Object-activity before opening the page.