# GRANT / REVOKE

The GRANT and REVOKE statements control all permissions in a Mendix project. They work on entities (CRUD access), microflows (execute access), and pages (view access); the same GRANT/REVOKE form also covers nanoflows, workflows, and OData services, as shown in the sections below.
## Entity Access

### GRANT

```sql
GRANT <Module>.<Role> ON <Module>.<Entity> (<rights>) [WHERE '<xpath>'];
```

Where `<rights>` is a comma-separated list of:

| Right | Description |
|---|---|
| CREATE | Allow creating new objects |
| DELETE | Allow deleting objects |
| READ * | Read all members |
| READ (<attr>, ...) | Read specific members only |
| WRITE * | Write all members |
| WRITE (<attr>, ...) | Write specific members only |

Examples:

```sql
-- Full access
GRANT Shop.Admin ON Shop.Customer (CREATE, DELETE, READ *, WRITE *);

-- Read-only
GRANT Shop.Viewer ON Shop.Customer (READ *);

-- Selective members
GRANT Shop.User ON Shop.Customer (READ (Name, Email), WRITE (Email));

-- With XPath constraint (doubled single quotes for string literals)
GRANT Shop.User ON Shop.Order (READ *, WRITE *)
WHERE '[Status = ''Open'']';
```

### REVOKE

Remove an entity access rule entirely:

```sql
REVOKE <Module>.<Role> ON <Module>.<Entity>;
```

Example:

```sql
REVOKE Shop.Viewer ON Shop.Customer;
```
## Microflow Access

### GRANT EXECUTE ON MICROFLOW

```sql
GRANT EXECUTE ON MICROFLOW <Module>.<Name> TO <Module>.<Role> [, ...];
```

Example:

```sql
GRANT EXECUTE ON MICROFLOW Shop.ACT_ProcessOrder TO Shop.User, Shop.Admin;
```

### REVOKE EXECUTE ON MICROFLOW

```sql
REVOKE EXECUTE ON MICROFLOW <Module>.<Name> FROM <Module>.<Role> [, ...];
```

Example:

```sql
REVOKE EXECUTE ON MICROFLOW Shop.ACT_ProcessOrder FROM Shop.User;
```

## Page Access

### GRANT VIEW ON PAGE

```sql
GRANT VIEW ON PAGE <Module>.<Name> TO <Module>.<Role> [, ...];
```

Example:

```sql
GRANT VIEW ON PAGE Shop.Order_Overview TO Shop.User, Shop.Admin;
```

### REVOKE VIEW ON PAGE

```sql
REVOKE VIEW ON PAGE <Module>.<Name> FROM <Module>.<Role> [, ...];
```

Example:

```sql
REVOKE VIEW ON PAGE Shop.Admin_Dashboard FROM Shop.User;
```

## Nanoflow Access

```sql
GRANT EXECUTE ON NANOFLOW <Module>.<Name> TO <Module>.<Role> [, ...];
REVOKE EXECUTE ON NANOFLOW <Module>.<Name> FROM <Module>.<Role> [, ...];
```

## Workflow Access

```sql
GRANT EXECUTE ON WORKFLOW <Module>.<Name> TO <Module>.<Role> [, ...];
REVOKE EXECUTE ON WORKFLOW <Module>.<Name> FROM <Module>.<Role> [, ...];
```

## OData Service Access

```sql
GRANT ACCESS ON ODATA SERVICE <Module>.<Name> TO <Module>.<Role> [, ...];
REVOKE ACCESS ON ODATA SERVICE <Module>.<Name> FROM <Module>.<Role> [, ...];
```
## Complete Example

A typical security setup script:

```sql
-- Module roles
CREATE MODULE ROLE Shop.Admin DESCRIPTION 'Full access';
CREATE MODULE ROLE Shop.User DESCRIPTION 'Standard access';
CREATE MODULE ROLE Shop.Viewer DESCRIPTION 'Read-only access';

-- User roles
CREATE USER ROLE Administrator (Shop.Admin, System.Administrator) MANAGE ALL ROLES;
CREATE USER ROLE Employee (Shop.User);
CREATE USER ROLE Guest (Shop.Viewer);

-- Entity access
GRANT Shop.Admin ON Shop.Customer (CREATE, DELETE, READ *, WRITE *);
GRANT Shop.User ON Shop.Customer (READ *, WRITE (Email, Phone));
GRANT Shop.Viewer ON Shop.Customer (READ *);
GRANT Shop.Admin ON Shop.Order (CREATE, DELETE, READ *, WRITE *);
GRANT Shop.User ON Shop.Order (CREATE, READ *, WRITE *)
WHERE '[Status = ''Open'']';
GRANT Shop.Viewer ON Shop.Order (READ *);

-- Microflow access
GRANT EXECUTE ON MICROFLOW Shop.ACT_ProcessOrder TO Shop.Admin;
GRANT EXECUTE ON MICROFLOW Shop.ACT_CreateOrder TO Shop.User, Shop.Admin;
GRANT EXECUTE ON MICROFLOW Shop.ACT_ViewOrders TO Shop.User, Shop.Admin, Shop.Viewer;

-- Page access
GRANT VIEW ON PAGE Shop.Order_Overview TO Shop.User, Shop.Admin, Shop.Viewer;
GRANT VIEW ON PAGE Shop.Order_Edit TO Shop.User, Shop.Admin;
GRANT VIEW ON PAGE Shop.Admin_Dashboard TO Shop.Admin;

-- Demo users
CREATE DEMO USER 'demo_admin' PASSWORD 'Admin123!' (Administrator);
CREATE DEMO USER 'demo_user' PASSWORD 'User123!' (Employee);

-- Enable demo users
ALTER PROJECT SECURITY DEMO USERS ON;
ALTER PROJECT SECURITY LEVEL PROTOTYPE;
```
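As an added example (not part of this reference and not Mendix's own tooling), a small Python checker that parses the entity-access GRANT/REVOKE statements of a setup script like the one above, applies them in order, and lists the rules a least-privilege review should look at first. The sample script, the parsing regexes and the two review heuristics are constructed for this example; statements for roles, microflows, pages and the other document types are skipped.

```python
import re
# Constructed sample in the page's entity-access syntax (not taken from a real project).
SCRIPT = """
GRANT Shop.Admin ON Shop.Customer (CREATE, DELETE, READ *, WRITE *);
GRANT Shop.User ON Shop.Customer (READ (Name, Email), WRITE (Email, Phone));
GRANT Shop.User ON Shop.Order (CREATE, READ *, WRITE *)
    WHERE '[Status = ''Open'']';   -- doubled quotes inside the XPath string literal
GRANT Shop.Viewer ON Shop.Order (READ *);
REVOKE Shop.Viewer ON Shop.Order;  -- a later REVOKE drops the whole rule
"""

# GRANT|REVOKE <Module>.<Role> ON <Module>.<Entity> [(<rights>)] [WHERE '<xpath>']
STMT_RE = re.compile(r"^(GRANT|REVOKE)\s+(\w+\.\w+)\s+ON\s+(\w+\.\w+)\s*"
                     r"(?:\((.*?)\))?\s*(?:WHERE\s+'(.*)')?$", re.S)
RIGHT_RE = re.compile(r"\b(CREATE|DELETE|READ|WRITE)\b\s*(?:\*|\(([^)]*)\))?")

def split_statements(text):
    # Strip -- comments, then split on ';' so multi-line statements stay whole.
    body = "\n".join(ln.split("--", 1)[0] for ln in text.splitlines())
    return [s.strip() for s in body.split(";") if s.strip()]

def parse_rights(spec):
    # CREATE/DELETE -> True; READ/WRITE -> "*" or the list of member names.
    return {kind: True if kind in ("CREATE", "DELETE") else
            ("*" if not members else [m.strip() for m in members.split(",")])
            for kind, members in RIGHT_RE.findall(spec)}

def build_rules(text):
    # Apply statements in order -> {(role, entity): {"rights": ..., "xpath": ...}}.
    rules = {}
    for m in filter(None, map(STMT_RE.match, split_statements(text))):  # entity rules only
        verb, role, entity, spec, xpath = m.groups()
        if verb == "REVOKE":
            rules.pop((role, entity), None)
        else:
            rules[(role, entity)] = {"rights": parse_rights(spec or ""),
                                     "xpath": xpath.replace("''", "'") if xpath else None}
    return rules

def audit(rules):
    # Least-privilege review: unconstrained write/delete, and WRITE on members the role cannot READ.
    findings = []
    for (role, entity), rule in sorted(rules.items()):
        r = rule["rights"]
        if ("WRITE" in r or "DELETE" in r) and rule["xpath"] is None:
            findings.append(f"{role} on {entity}: write/delete with no XPath constraint")
        if isinstance(r.get("WRITE"), list) and r.get("READ") != "*":
            for member in sorted(set(r["WRITE"]) - set(r.get("READ") or [])):
                findings.append(f"{role} on {entity}: WRITE on {member} without READ")
    return findings
```

Run `audit(build_rules(SCRIPT))` to get the review list; the findings are prompts for a reviewer, not errors, since an Admin role may legitimately hold unconstrained write access.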
## See Also

- Security – overview of the security model
- Entity Access – details on entity CRUD permissions and XPath constraints
- Document Access – microflow, page, and nanoflow access patterns
- Module Roles and User Roles – creating and managing roles
- Demo Users – creating test accounts