Module Roles
The Module Roles tab is where you review and validate the access rules defined in your Mendix application. For each entity, you can inspect which module roles have access, what their default access rights are, any XPath constraints that apply, and what read/write permissions exist per attribute.
Validating access rules is an important step in your data policy — it confirms that you have reviewed and accepted the current security configuration of your application.
Navigating the view
Navigation works the same way as in the Classify Data tab, using either the left panel tree or the breadcrumb list on the right. There are four levels:
Modules — the top-level list of all modules in your application.
Entities — the entities within a selected module.
Access Rules — the module roles that have an access rule defined for the selected entity. For each role you can see:
Create — whether the role can create new records of this entity.
Delete — whether the role can delete records of this entity.
Constraint — any XPath constraint applied to limit which records the role can access.
Default access — the default member access applied to attributes (read, write, or none).
Auto Validate — whether this access rule is set to auto-validate.
Status — whether this access rule has been validated.
Member Access Rules — the individual attributes and associations for a selected access rule, showing the access level (read, write, or none) that the module role has for each member.
Validating access rules manually
To validate an individual access rule or member access rule, use the Status column. Once reviewed, mark the item as validated to confirm you have accepted the current configuration.
Bulk validate
To validate multiple items at once, select them using the checkboxes and click Bulk validate. This marks all selected access rules or member access rules as validated in one action.
Bulk validate has one additional option:
Auto-validate — When enabled, the selected modules, entities, or access rules will automatically be marked as validated whenever their security configuration changes in the future. This means future changes to access controls will be accepted without requiring a manual review.
Warning: Auto-validate should be used with caution. It is good practice to review all changes to access rules before accepting them. Enabling auto-validate on sensitive entities may cause security changes to go unnoticed. Only use this option for modules or entities where the access configuration is stable and well-understood.
Note: Bulk validate operates at the level you are currently viewing. If you are viewing the access rule list, it applies to access rules. If you are viewing member access rules, it applies to those respectively.
Last updated