System administrator role is restricted

Category

Security

Summary

Mendix applications have a system administrator role that is used for platform-level administration tasks. While this role requires elevated privileges to manage the application, it should not have broad access to business data. Keeping the system administrator role restricted to its intended purpose limits the risk of data exposure in the event that an administrator account is compromised or misused.

This check verifies that the system administrator role is scoped appropriately and does not carry unnecessary data access privileges.

Options

This check does not have any options.

Pass

The system administrator role meets all of the following conditions:

• The role can only manage users who have no roles assigned.

• The role is not permitted to access personal data.

• The role's maximum data access level is set to no higher than Level 2 (Internal).

• The role has only the module roles System.Administrator and Administration.Administrator assigned to it.

Fail

The system administrator role fails one or more of the conditions above. Navigate to the data policy for this application, open the User Roles tab, and select the role identified as the System Administrator Role. Verify that user management is limited to users without roles, that Can access personal data is disabled, that the maximum data access level is set to Level 2 (Internal) or lower, and that no module roles other than System.Administrator and Administration.Administrator are mapped to this role.

Assigning additional module roles to the system administrator role is a common source of unintended data access. If your application has business module roles mapped to this role, consider creating a separate administrative user role for those purposes instead.

Note: The system administrator role is detected automatically by AppControl based on your Mendix security configuration. If this role does not appear correctly in the User Roles tab, verify that your application's security settings are complete and that the data policy has been fully validated.