Users of a Jmix application are defined by the
User class that is automatically generated by Studio in a new project. It is a JPA entity implementing the
JmixUserDetails interface which has a number of methods required by the framework:
getUsername()returns a unique user name.
getPassword()returns a hashed password.
isCredentialsNonExpired()indicate whether the user can log in to the system.
setAuthorities()are used by the framework to associate the user with a set of permissions upon login.
Users are stored in the main database of your application. By default, the
User entity and the corresponding database table have the following attributes:
versionare the standard primary key and optimistic locking attributes.
enabledstore values returned by the methods of the
lastNamestore additional information about users.
You can define any number of additional attributes required for your application, for example,
A new project contains the
010-init-user.xml database migration script that creates a user with the
admin username/password and grants the user full access to the application by associating the entity with the
A new project also contains the UI views for managing users, see Application → Users. These views allow you to create, edit and remove users, change and reset their passwords. To assign roles to a user, click the Role assignments button in the user list view.
The framework provides the
Any Jmix application with the standard security subsystem has two built-in user objects:
Anonymous user object corresponds to not authenticated users. It allows you to grant some permissions to users before they log in.
System user object is required for the system authentication mechanism. It is used when there is no real user interacting with the application, for example, when the application is starting up, or when a business method is called by a scheduler.
The built-in user objects are not stored in the database but created on the application startup by the
DatabaseUserRepository class of your project. You can customize both users in the
initSystemUser() methods of this class. By default, the system user is associated with the
system-full-access role and hence has all permissions.
The anonymous user has no permissions by default.