Try ERPNext Buy Support Partners Foundation

Employee role default permission can see modules they should not

Trying a new setup for ERPNext, am new to the product.

I have set default “Employee” permission for a user. The docs say that users only see modules they have permission for. But when I login as an Employee user they can see modules like Company, all modules for Settings.
If I drill down into Company, the employee user can Read the Company record, which includes Sales figures! In the permission manager for Employee role I can see that Read permission has been given to the Company record, I don’t know what will break if that is revoked.

  1. I can see a way to restrict access to modules per user. Is there a way to do it per Role? Or what way would you recommend restricting module access to all employee role users, I don’t want them to see any of the Settings options?

  2. Is there an additional setting besides giving role of Employee that I am missing to only let them access required areas? Like in the HR module as well I can see they get access to see the “Salary Components”, “Performance Appraisal Template” etc. Too many options where they should not be looking around. How does one turn off these within a module?

I went through the docs but didn’t find the default permissions setup for a new installation and how to get users into the system configured correctly.

Thanks for your help.