# Anonymous user role is restricted

Check ID	APP_0007
Category	Security
Summary	Mendix applications can be configured to allow anonymous access, meaning users can interact with the application without logging in. When anonymous access is enabled, Mendix requires an anonymous user role to be defined. This check verifies that the anonymous user role is appropriately restricted, ensuring that unauthenticated users cannot access sensitive data or perform privileged actions.
Options	This check does not have any options.
Pass	The anonymous user role meets all of the following conditions: The role cannot manage other users. The role is not permitted to access personal data. The role's maximum data access level is set to Level 1 (Public).
Fail	The anonymous user role fails one or more of the conditions above. Navigate to the data policy for this application, open the User Roles tab, and select the anonymous user role. Verify that the role is not granted user management permissions, that Can access personal data is disabled, and that the maximum data access level is set to Level 1 (Public). Note: If your application does not use anonymous access, this check will not apply and will be skipped.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bluestorm.io/checks/app/app_0007.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.