Data Security
How Is Security Handled at the Mendix Data Layer?
Data security in Mendix is handled by defining the data access rules on your entities. Per entity, you can define who can see what data and who can create or delete data.
These rules will be applied every time your application uses an entity. The rules will be applied automatically to XPath retrieves done on your model. You can define XPath constraints on entities, which means you can define access rules depending on the user role or organization. This can be used to ensure strict data separation in multi-tenant applications.
What Kind of Encryption Is Available in My Mendix App?
Besides the default encryption-at-rest and in-transit, users are able to implement column encryption or uploaded file encryption. Column and uploaded file encryption are supported out of the box via the Encryption module from the Mendix Marketplace using AES encryption.
Mendix utilizes cryptographic modules that are compliant with FIPS 140-3. FIPS 140-3 (Federal Information Processing Standard) is a U.S. government standard that specifies security requirements for cryptographic modules protecting sensitive information. This ensures that Mendix meets stringent federal standards for data encryption and cryptographic operations.
Identity and Access Management capabilities for application users – such as Single Sign-On and assignment of user roles – are described under Control App User Risk.
How Are Passwords Stored in My Mendix App?
Passwords in Mendix can only be stored in a hashed format. Mendix supports multiple hashing algorithms.
How Does My Mendix App Support Multi-Tenancy?
Mendix offers out-of-the-box support for developing multi-tenant applications. Multi-tenant apps in Mendix share the same database, application logic, and user interface. Application logic can be extended with tenant-specific logic, and the UI can be styled per tenant. For end-user access, it is possible to configure multiple SSO connections for a single application, with one Identity Provider per tenant.
The tenant object is used to do the following:
- Define a tenant-aware object model for the application – tenant-level access to domain objects is configured using XPath definitions, which restrict access to the object instances of the company to which the end-user belongs.
- Define tenant-specific microflows and configure access rights to implement tenant-level application and process logic.
- Apply tenant-specific styling of the UI by making the CSS dependent on the companies defined in the MxID.
Tenants can also be custom-defined in the application by using identifiers like division, country, and site.
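A review check for the tenant separation described above, as an added example that is not Mendix code: it scans a constructed list of entity access rules and flags tenant-owned entities whose XPath constraint is missing, not tied to the user's tenant, or widened by `or`/`not`. The `Shop.*` entity and association names and the rule-list layout are assumptions; `[%CurrentUser%]` is the Mendix XPath token for the signed-in user.

```python
import re

# Constructed sample: one row per entity access rule. This layout is an
# assumption for the example, not a Mendix export format. The Shop.* names
# and the Shop.Account_Tenant association are hypothetical.
RULES = [
    {"entity": "Shop.Order", "role": "Customer", "xpath":
     "[Shop.Order_Tenant/Shop.Tenant/Shop.Account_Tenant = '[%CurrentUser%]']"},
    {"entity": "Shop.Order", "role": "Support", "xpath": ""},
    {"entity": "Shop.Invoice", "role": "Customer", "xpath": "[Status = 'Open']"},
    {"entity": "Shop.Invoice", "role": "Support", "xpath":
     "[Shop.Invoice_Tenant/Shop.Tenant/Shop.Account_Tenant = '[%CurrentUser%]'"
     " or Status = 'Open']"},
    {"entity": "Shop.Country", "role": "Customer", "xpath": ""},  # shared data
]
TENANT_OWNED = {"Shop.Order", "Shop.Invoice"}  # entities that must be separated

# The clause that ties an object to the signed-in user's tenant.
TENANT_CLAUSE = re.compile(r"Shop\.Account_Tenant\s*=\s*'\[%CurrentUser%\]'")
QUOTED = re.compile(r"'[^']*'")


def check_rule(xpath):
    """Return None if the constraint scopes to the user's tenant, else a reason."""
    if not xpath.strip():
        return "no XPath constraint"
    if not TENANT_CLAUSE.search(xpath):
        return "constraint does not reference the user's tenant"
    # Drop string literals, then look for operators that can widen the match.
    bare = QUOTED.sub("''", xpath)
    if re.search(r"\bor\b|\bnot\s*\(", bare):
        return "tenant clause combined with or/not, review manually"
    return None


def audit(rules, tenant_owned):
    """List (entity, role, reason) for tenant-owned entities with weak rules."""
    findings = []
    for rule in rules:
        if rule["entity"] in tenant_owned:
            reason = check_rule(rule["xpath"])
            if reason:
                findings.append((rule["entity"], rule["role"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, TENANT_OWNED):
        print(*finding, sep=" | ")
```

The check is a text heuristic for review triage: a constraint it passes still needs the association path confirmed against the domain model.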
Who Is the Owner of Data in a Mendix App?
The Mendix customer has ownership of the data and intellectual property of their Mendix applications, as stated by Mendix master agreements and end-user agreements.
For more information, see Exporting Your Data in No Vendor Lock-In.
Who Has Access to My Data?
All access to customer data is under the control of the customer. Access to customer data by Mendix personnel is strictly prohibited by administrative controls and is only authorized after explicit customer approval.
Does Mendix Securely Wipe My Data After Contract Termination?
After contract termination, all applicable application environments are securely destroyed, including backups.