diff --git a/content/en/docs/refguide/modeling/menus/app-menu/_index.md b/content/en/docs/refguide/modeling/menus/app-menu/_index.md index 75523fcf6b8..60cca2641f1 100644 --- a/content/en/docs/refguide/modeling/menus/app-menu/_index.md +++ b/content/en/docs/refguide/modeling/menus/app-menu/_index.md @@ -83,6 +83,10 @@ The [Mendix Studios Target](/developerportal/deploy/studio-deployment-settings/# For more information on using this option, see [Deploy to the Cloud](/refguide/deploy-to-the-cloud-dialog/). +## Show Security Overview (Beta) + +The **Show Security Overview (Beta)** option opens the [Security Overview](/refguide/security-overview/), where you can view a unified overview of your app's security. + ## Read More * [Studio Pro Overview](/refguide/studio-pro-overview/) diff --git a/content/en/docs/refguide/modeling/security/_index.md b/content/en/docs/refguide/modeling/security/_index.md index ca1913acae6..9909af4eac5 100644 --- a/content/en/docs/refguide/modeling/security/_index.md +++ b/content/en/docs/refguide/modeling/security/_index.md @@ -82,3 +82,11 @@ Mendix applications that are deployed to SAP BTP can have SSO with SAP's IdP. Me ## Building an App as a Team {#team} If you want to invite your colleagues to build your app, you can manage the **Team** in [Apps](https://sprintr.home.mendix.com/). Only team members who are invited to your app can access it (as a project to collaborate on). You can assign app roles to them. These team member roles define what they can access and change in the app in the backend while developing the app and are different from end-user roles which define what users can access in a running app. For more information, see [Team](/developerportal/general/team/) in the documentation of **Apps**. + +## The Security Overview (Beta) + +The [Security Overview (Beta)](/refguide/security-overview/) provides you with an overview of your app's security. To access the overview, open the **App** menu, and then click **Show Security Overview (Beta)**. + +{{% alert color="info" %}} +This feature is currently in beta. For more information, see [Beta and Experimental Releases](/releasenotes/beta-features/). +{{% /alert %}} diff --git a/content/en/docs/refguide/modeling/security/security-overview.md b/content/en/docs/refguide/modeling/security/security-overview.md new file mode 100644 index 00000000000..87eac795742 --- /dev/null +++ b/content/en/docs/refguide/modeling/security/security-overview.md @@ -0,0 +1,52 @@ +--- +title: "Security Overview" +url: /refguide/security-overview/ +weight: 20 +--- + +{{% alert color="info" %}} +This feature is currently in beta. For more information, see [Beta and Experimental Releases](/releasenotes/beta-features/). +{{% /alert %}} + +## Introduction + +The **Security Overview** page provides you with an overview of your app's security. This overview can be used to review the security of your app. + +## Viewing the Security Overview + +The **Security Overview** summarizes the app's security for a selected user role. To view the information, perform the following steps: + +1. Access the **Security Overview** page by opening the **App** menu, and then clicking **Show Security Overview (Beta)**. +2. In the **Show access for user role** list, select the user role for which you want to view the security summary. +3. Optionally, select a module in the sidebar of the overview. + + Selecting a module filters the content in the **Entity access**, **Page access**, **Microflow access**, and **Nanoflow access** tabs. The list of modules does not show the System module or any protected modules. + +## Security Overview Contents + +The **Security Overview** page has the following tabs: + +* [Entity access](#entity-access) +* **Page access** +* **Microflow access** +* **Nanoflow access** + +{{% alert color="info" %}} +In the beta release of the **Security Overview** page, only the **Entity access** tab is available. The other tabs will be available in future versions of Studio Pro. +{{% /alert %}} + +{{< figure src="/attachments/refguide/modeling/security/app-security/user-roles/security-overview.png" class="no-border" >}} + +### Entity Access {#entity-access} + +The **Entity Access** tab shows a summarized view of the permissions that are applied during runtime for all entities in the selected module for each user role. This helps developers and reviewers easily understand what an end user can or cannot access within the application. + +The **Combined access rules** column aggregates all access rules applicable to the selected user role, reflecting the runtime behaviour. This means that if any access rule grants access to that user, the user will have access. For example, if one access rule grants **Read and Create** access and another access rule grants **ReadWrite** access, the combined access is **ReadWrite** and **Create**. +Multiple columns are shown for entities with XPath constraints. Access rules with the same XPath constraint are also combined here, so each XPath in this list is unique. + +When the selected user role has no access to an attribute or an association, it is not shown in the table. If the selected user role has no access to an entity at all, the entity is not shown in the **Security Overview**. + +## Read More + +* [User Roles](/refguide/user-roles/) +* [Access Rules](/refguide/access-rules/). diff --git a/static/attachments/refguide/modeling/security/app-security/user-roles/security-overview.png b/static/attachments/refguide/modeling/security/app-security/user-roles/security-overview.png new file mode 100644 index 00000000000..fe15277c7c0 Binary files /dev/null and b/static/attachments/refguide/modeling/security/app-security/user-roles/security-overview.png differ