# Anonymous user role is restricted

<table><thead><tr><th width="138">Check ID</th><th>APP_0007</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>Mendix applications can be configured to allow anonymous access, meaning users can interact with the application without logging in. When anonymous access is enabled, Mendix requires an anonymous user role to be defined. This check verifies that the anonymous user role is appropriately restricted, ensuring that unauthenticated users cannot access sensitive data or perform privileged actions.</td></tr><tr><td>Options</td><td>This check does not have any options.</td></tr><tr><td>Pass</td><td><p>The anonymous user role meets all of the following conditions:</p><p></p><ul><li>The role cannot manage other users.</li><li>The role is not permitted to access personal data.</li><li>The role's maximum data access level is set to Level 1 (Public).</li></ul></td></tr><tr><td>Fail</td><td><p>The anonymous user role fails one or more of the conditions above. Navigate to the data policy for this application, open the User Roles tab, and select the anonymous user role. Verify that the role is not granted user management permissions, that Can access personal data is disabled, and that the maximum data access level is set to Level 1 (Public).</p><p></p><p>Note: If your application does not use anonymous access, this check will not apply and will be skipped.</p></td></tr></tbody></table>