Hiding chart of account and other financial reports from Sales User role

RWEMA_Aimable · November 17, 2018, 5:27am

Sales users need to make invoices and receive payments and thus need Account User role. However, this also gives them access to CoA and all other financial reports, which is not right.
The issue is similar to these old threads but I could not find a way to fix

root13F · November 17, 2018, 5:44am

Have you tried Role Permission for Page and Report ?

You can exclude roles from accessing certain reports.

RWEMA_Aimable · November 17, 2018, 8:36am

Since for example the CoA is accessed from /desk#Tree/Account , which page or report should I apply the restriction on?

root13F · November 17, 2018, 9:11am

Role Permission for Page and Report is just for Pages and Reports. Hence you can cover reports like Cash Flow and Ledger Report etc.

But for Tree view, you may have to try changing in the treeview file. It is a JS file.

In case of Chart of Accounts, it is account_tree.js, you could check if the frappe.session.user has the required role say ‘Auditor’. If they have it, it renders but if they don’t the tree doesn’t load and displays a message and could route them back to the desk.

This could be a good feature to contribute.

RWEMA_Aimable · November 18, 2018, 9:51am

OK I will try this

Eli · May 9, 2019, 12:48pm

@RWEMA_Aimable - did you come right with this issue.

If so, do you mind sharing the adjustment you made.

Eli · May 9, 2019, 12:49pm

@root13F - Do you mind sharing the code for this?

tonto · May 9, 2019, 12:55pm

What has worked for us so far is to use User Permissions and give individual users permissions only to the accounts they need. It does not work on the branch, need to do for each leaf. for us is 25 entries per user.

Real pain is you cannot copy these 25 from one user to another so every time new user is created need to do 25 manual entries. Duplicating a user should duplicate all including user, page and report permissions, but does not. A way of copying user permissions would be great.

root13F · May 9, 2019, 1:00pm

I don’t have the code I only made the suggestion. To check whether the logged in user has a specified role you can use this :

frappe.user.has_role("Insert Role Name")

Eli · May 9, 2019, 1:01pm

Thank you for the prompt reply. Its very much appreciated.

Let me try it

bluesky · October 27, 2022, 1:26pm

How did you do that? How can you restrict a specific user to view only specific accounts?

tonto · November 1, 2022, 7:41am

It is somewhat impractical as a lot of entries, but in USer Permissions Allow for Account one by one only the accounts you want user to be able to see and check apply to all Document Types. For us over 50 entries per user. Very cumbersome compared to other systems we have used.