About User Permission Restrictions and Role setting

Hi, I have a use case as follows:

I want to delegate the following permission for my administration staff:

1. Read/Write/Create/Delete users created by them ONLY (but they cannot Read/Write/Create/Delete other users who are not created by them) => otherwise, they may modify the Administrator or my passwords or details too.
=> also means the admin staff cannot see "Guest", "Administrator" and "my account".

2. Admin staff can assign roles for the users they created ONLY, but they cannot change their own role.

3. Naming Series: Read/Write/Create/Delete

4. Company: Read/Write/Create/Delete

5. Global Default: Read/Write 

6. Letter Head: Read/Write/Create/Delete

7. Print Heading

For achieving the above need, I created a "System User" role and added permission for 3 - 7. However, for 1 - 2, I cannot figure out how to do it?

I have tried to restrict the user permission by setting properties, but I found there is a bug (See attached screenshot). => It said "it shows user Created By = mi...@xxxx", but it is not true. I checked database, when "mi...@xxxx" created a user, the owner is not "mi...@xxxx", just the "modified_by" column is "mi...@xxxx".

Can anyone kindly tell me how to achieve the above 7 items. (especially the 1 - 2 items)

Many thanks,






You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/660d4280-4d43-4311-ab7c-8533e568183d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Its best to keep user management restricted to a couple of users.

In version 4, you can achieve this by setting user restrictions - there are some issues in it right now and we plan to push an update on this in a couple of days.



On 25-May-2014, at 11:13 am, Adam Tong <ad...@gmail.com> wrote:

Hi, I have a use case as follows:

I want to delegate the following permission for my administration staff:

1. Read/Write/Create/Delete users created by them ONLY (but they cannot Read/Write/Create/Delete other users who are not created by them) => otherwise, they may modify the Administrator or my passwords or details too.
=> also means the admin staff cannot see "Guest", "Administrator" and "my account".

2. Admin staff can assign roles for the users they created ONLY, but they cannot change their own role.

3. Naming Series: Read/Write/Create/Delete

4. Company: Read/Write/Create/Delete

5. Global Default: Read/Write 

6. Letter Head: Read/Write/Create/Delete

7. Print Heading

For achieving the above need, I created a "System User" role and added permission for 3 - 7. However, for 1 - 2, I cannot figure out how to do it?

I have tried to restrict the user permission by setting properties, but I found there is a bug (See attached screenshot). => It said "it shows user Created By = mi...@xxxx", but it is not true. I checked database, when "mi...@xxxx" created a user, the owner is not "mi...@xxxx", just the "modified_by" column is "mi...@xxxx".

Can anyone kindly tell me how to achieve the above 7 items. (especially the 1 - 2 items)

Many thanks,







You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/660d4280-4d43-4311-ab7c-8533e568183d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<Screen Shot 2014-05-25 at 12.12.05 PM.png>




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/BA609D15-AB65-4E80-A717-31A077649895%40gmail.com.

For more options, visit https://groups.google.com/d/optout.