Jmix security subsystem provides an easily configurable access control mechanism for your application. It is based on Spring Security and adds the following features:

  • Integration with your data model.

    • Permissions to invoke CRUD operations on entities and to view/modify specific entity attributes. For example, a user can view documents, but cannot create, update, or delete them, and can view all document attributes except amount.

    • Row-level access control restricts access to individual entity instances. For example, users can view documents that have been created in their department only.

  • Integration with UI.

    • Permissions to open Backoffice UI screens and see main menu items.

    • If a visual component like Text Field is bound to an entity attribute, it automatically becomes read-only or hidden depending on the current user rights to the attribute. Table actions are disabled if the corresponding CRUD operations are denied for the user.

  • Declarative definition of roles and permissions using annotated Java interfaces.

  • Ability to define roles and permissions at runtime and store them in the database.

  • Backoffice UI for viewing roles and permissions, assigning roles to users, and for creating runtime roles.

In this guide, we mainly describe the standard implementation of the security subsystem. To use all its features, make sure your build.gradle file contains the following dependencies:

implementation ''
implementation ''
implementation ''