The S-Unit

The S-Unit Top 10

TSU-02: Insecure entity access configuration

Even a well-built Mendix application can become vulnerable if the entity access rules are not properly configured. TSU-02 highlights the risks of insecure access definitions and provides practical steps to protect your data.

Incorrect entity access configuration? A major risk to your data.

Mendix uses Role Based Access Control (RBAC) to define what each user can access and modify in an application. Within this system, User Roles are linked to module roles, and these module roles contain entity access rules that determine how data can be read, created, updated, or deleted.

When a module role is configured insecurely, users may gain broader access to data than intended. This can expose or even alter sensitive information, often leading to a data breach.

TSU-01 vs TSU-02

TSU-01 and TSU-02 are often confused. Both deal with users having too much access, but understanding the difference helps you prevent risks more effectively.

  • TSU-01: the access rule itself is correct, but the module role is assigned to the wrong User Role.
  • TSU-02: the access rule is incorrect for the module role, no matter which User Role it belongs to.

How do you configure your entity access correctly?

To prevent TSU-02 vulnerabilities, configure entity access rules carefully and grant only the permissions necessary for your application to function. Follow these best practices:

  • Assign each access rule to only one module role. Keep access rules specific per User Role to enforce minimal permissions.
  • Avoid giving direct create or delete access. Use microflows that apply the necessary security checks instead.
  • Never grant write or delete access on persistent entities without an XPath constraint. Without it, users could modify or delete shared or user-specific data.
  • Avoid direct write access on attributes that affect integrity or security. Perform updates in microflows that validate input with helper entities or attributes. This includes:
      • Attributes used in XPath constraints
      • Attributes checked in microflow security
      • Associations linked to sensitive data
  • Use proper XPath constraints for data that is:
      • User-specific (e.g. financial or medical data)
      • Group-specific (e.g. company or project data)
      • Status-specific (e.g. draft/published, approved/rejected)
  • Do not grant create access on an entity when the same role has write access under an XPath constraint. This combination can bypass the XPath when committing new objects.
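To make two of these pitfalls concrete, here is an added toy model of how a module role's access rule is evaluated. It is not Mendix code and not from The S-Unit: the XPath constraint is represented as a Python predicate, and the entity, role and attribute names (Document, Author, Owner, Status) are assumptions. It contrasts an insecure Author rule (create access plus write access under an XPath, with the constrained attributes Owner and Status directly writable) with a hardened rule where only Title is writable and Owner and Status are changed through microflow stand-ins; the new-object behaviour follows the description given above.

```python
"""Toy model of entity access evaluation for TSU-02 (constructed example, not Mendix code).

An XPath constraint such as [Owner = '[%CurrentUser%]'] is modelled as a predicate
over (object, current user). Entity, role and attribute names are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class MxObject:
    """An object of the assumed Document entity; is_new marks an uncommitted object."""
    attrs: dict
    is_new: bool = False


Constraint = Callable[[MxObject, str], bool]


@dataclass(frozen=True)
class AccessRule:
    """One access rule of a module role: rights plus an optional XPath constraint."""
    module_role: str
    allow_create: bool
    allow_delete: bool
    readable: frozenset
    writable: frozenset
    xpath: Optional[Constraint] = None  # None means the rule is unconstrained


def owner_xpath(obj: MxObject, user: str) -> bool:
    """Stands in for [Owner = '[%CurrentUser%]']."""
    return obj.attrs.get("Owner") == user


def draft_owner_xpath(obj: MxObject, user: str) -> bool:
    """Stands in for [Status = 'Draft' and Owner = '[%CurrentUser%]']."""
    return obj.attrs.get("Status") == "Draft" and owner_xpath(obj, user)


def constraint_holds(rule: AccessRule, obj: MxObject, user: str) -> bool:
    return rule.xpath is None or rule.xpath(obj, user)


def can_read(rule: AccessRule, obj: MxObject, attr: str, user: str) -> bool:
    return attr in rule.readable and constraint_holds(rule, obj, user)


def can_write(rule: AccessRule, obj: MxObject, attr: str, user: str) -> bool:
    if attr not in rule.writable:
        return False
    # The pitfall described in the last bullet above: when the same rule also
    # grants create access, the XPath is not applied while a new object is
    # committed, so the write succeeds whatever the constrained attributes hold.
    if obj.is_new and rule.allow_create:
        return True
    return constraint_holds(rule, obj, user)


ATTRS = frozenset({"Title", "Owner", "Status"})

# Insecure: create + write under XPath, and the attributes the XPath depends on
# (Owner, Status) are directly writable by the client.
INSECURE_AUTHOR = AccessRule("Author", allow_create=True, allow_delete=False,
                             readable=ATTRS, writable=ATTRS, xpath=draft_owner_xpath)

# Hardened: no direct create, only Title writable; Owner and Status are set in microflows.
HARDENED_AUTHOR = AccessRule("Author", allow_create=False, allow_delete=False,
                             readable=ATTRS, writable=frozenset({"Title"}),
                             xpath=draft_owner_xpath)


def mf_create_document(user: str, title: str, requested_owner: str) -> MxObject:
    """Microflow stand-in: Owner comes from the session, client input is ignored."""
    del requested_owner  # deliberately not trusted
    return MxObject({"Title": title, "Owner": user, "Status": "Draft"})


def mf_submit_for_approval(doc: MxObject, user: str) -> bool:
    """Microflow stand-in: only the owner may move a Draft on; approval is a reviewer step."""
    if not draft_owner_xpath(doc, user):
        return False
    doc.attrs["Status"] = "Submitted"
    return True


def owner_bypass_on_create(rule: AccessRule, user: str = "alice") -> bool:
    """Can the user commit a brand-new document whose Owner is someone else?"""
    doc = MxObject({"Title": "Q3 figures", "Owner": "bob", "Status": "Draft"}, is_new=True)
    return can_write(rule, doc, "Owner", user)


def self_approval(rule: AccessRule, user: str = "alice") -> bool:
    """Can the user flip their own draft to Approved without a reviewer?"""
    doc = MxObject({"Title": "Q3 figures", "Owner": user, "Status": "Draft"})
    return can_write(rule, doc, "Status", user)


if __name__ == "__main__":
    for rule in (INSECURE_AUTHOR, HARDENED_AUTHOR):
        print(rule.module_role, "create:", rule.allow_create,
              "| owner bypass on create:", owner_bypass_on_create(rule),
              "| self-approval:", self_approval(rule))
```

Running the block prints the two scenario outcomes for each rule; with the insecure rule both bypasses succeed, with the hardened rule neither does, while an author can still edit the Title of their own draft until it leaves the Draft state.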

Vulnerabilities within TSU-02

The following vulnerabilities are common in insecure Entity Access configurations and illustrate where things can go wrong in practice.

  • Read or write access to sensitive data, such as application secrets or login credentials: exposing confidential information.
  • Missing or incorrect XPath constraints: allowing users to view, change, or delete data they should not access.
  • Create or delete access on integrity-critical entities: such as audit logs, which are essential for traceability.
  • Write access to attributes or associations used in XPath constraints: enabling circumvention of access control.
  • Write access to attributes used in microflow security or sensitive logic: this can trigger unsafe actions or privilege escalation.
  • Combined create and write access under XPath: allowing users to bypass validation and save unauthorized data.
  • Bypassing data validation through direct write access: leading to inconsistent or manipulated data.
  • Conflicting access rules: overlapping permissions that weaken security boundaries.

TSU-02 focuses on insecure entity access configuration, a common but critical issue in Mendix apps. Properly defining entity access rules and applying strict XPath constraints ensures that users only interact with the data they are meant to see or change.

Integrate The S-Unit Top 10 into your CI/CD pipeline.

Want to know how your Mendix application scores on The S-Unit Top 10? In collaboration with Omnext, we’ve developed a Mendix-specific SAST solution that continuously and automatically scans for vulnerabilities. By integrating The S-Unit Top 10 into the CI/CD pipeline, risks are detected early and made immediately visible. For questions, feel free to contact us.