Sales users need to make invoices and receive payments and thus need Account User role. However, this also gives them access to CoA and all other financial reports, which is not right.
The issue is similar to these old threads but I could not find a way to fix
Have you tried Role Permission for Page and Report ?
You can exclude roles from accessing certain reports.
Since for example the CoA is accessed from /desk#Tree/Account , which page or report should I apply the restriction on?
Role Permission for Page and Report is just for Pages and Reports. Hence you can cover reports like Cash Flow and Ledger Report etc.
But for Tree view, you may have to try changing in the treeview file. It is a JS file.
In case of Chart of Accounts, it is account_tree.js, you could check if the frappe.session.user has the required role say âAuditorâ. If they have it, it renders but if they donât the tree doesnât load and displays a message and could route them back to the desk.
This could be a good feature to contribute.
OK I will try this
@RWEMA_Aimable - did you come right with this issue.
If so, do you mind sharing the adjustment you made.
What has worked for us so far is to use User Permissions and give individual users permissions only to the accounts they need. It does not work on the branch, need to do for each leaf. for us is 25 entries per user.
Real pain is you cannot copy these 25 from one user to another so every time new user is created need to do 25 manual entries. Duplicating a user should duplicate all including user, page and report permissions, but does not. A way of copying user permissions would be great.
I donât have the code I only made the suggestion. To check whether the logged in user has a specified role you can use this :
frappe.user.has_role("Insert Role Name")
Thank you for the prompt reply. Its very much appreciated.
Let me try it