Latest Mendix App Platform Release – New Features Rolling Out Today

Today we are launching our latest release of the Mendix App Platform, introducing comprehensive project access security, a new sign up process, and enhanced password rules. Let’s take a look – and as always, let us know what you think by leaving a message in the comments or submitting feedback!

Comprehensive project access security – more options to organize your team

As projects and their teams grow, it becomes increasingly important to manage permissions within projects. From now on, you can do this in several ways via the new Project Security tab available in the Settings of every project.

Previously, all members within a project had the same set of permissions, except for those managing the cloud node. With this release, permissions can be set on all levels of a project.

­­Let’s take a look at the roles and their permissions. The person that started the project will be assigned the ‘SCRUM Master’ role initially. Of course others can be assigned as SCRUM Master, but the role cannot be edited to ensure that there is always at least one project member with this role. All other members get the ‘Business Engineer’ role by default. The most notable difference is that the Business Engineers do not have the permission to invite others to the project and change project settings.

In the new Project Security tab you can view (and edit) the roles of all project members. Several roles are created by default, but these can be configured to meet the requirements of your project.

By default, only the SCRUM Master can change the project security settings. When editing roles, several permissions can be set. In order to preserve transparency, all of the information that is available within the project is always at least read-only to all project members. Furthermore, project members with specific roles can be given several other permissions. For example, they may be permitted to invite new members or to open the project in the Mendix Business Modeler.

Project permissions in detail
Project permissions in detail

Keep in mind that project security management is separate from cloud node security management. The technical contact of a cloud node is still responsible for setting specific permissions for node access.

The renewed sign up method – May I see your invitation?

With this release, the process of adding new company members to your company has changed. Entering an existing company is from now on invitation based only.

It is no longer possible to do an independent sign up to join an existing company. All new members that need to join the company have to be invited by existing members. This ensures that not just anyone with a company email-address can get access to your company apps.

Password expiration – It’s time for a change

To increase security, two new measures have been added: First, password expiration is now in place. This means that your password will expire every 90 days. Second, we have changed the password requirements. Your password should now include special characters, and a mixture of lowercase, uppercase and numbers.  Of course your existing passwords will continue to work. After 90 days you will be prompted to change it and the new rules will be in effect.