ACR Rules

⌘K
  1. Home
  2. Docs
  3. ACR Rules
  4. Security (28)
  5. Security should be enabled and set to Production

Security should be enabled and set to Production

Security should be considered from the start of a project. Keeping security disabled until the project is close to release will often lead to “generous” access for users as developers try to get rid of all mendix access errors as fast as possible without too much thought.
With this security level, developers are asked to consider security from the get-go which leads to stricter access rules.

Noncompliant example:

Compliant example: