Sales users need to make invoices and receive payments and thus need Account User role. However, this also gives them access to CoA and all other financial reports, which is not right.
The issue is similar to these old threads but I could not find a way to fix
Have you tried Role Permission for Page and Report ?
You can exclude roles from accessing certain reports.
Since for example the CoA is accessed from /desk#Tree/Account , which page or report should I apply the restriction on?
Role Permission for Page and Report is just for Pages and Reports. Hence you can cover reports like Cash Flow and Ledger Report etc.
But for Tree view, you may have to try changing in the treeview file. It is a JS file.
In case of Chart of Accounts, it is account_tree.js, you could check if the frappe.session.user has the required role say ‘Auditor’. If they have it, it renders but if they don’t the tree doesn’t load and displays a message and could route them back to the desk.
This could be a good feature to contribute.
@RWEMA_Aimable - did you come right with this issue.
If so, do you mind sharing the adjustment you made.
What has worked for us so far is to use User Permissions and give individual users permissions only to the accounts they need. It does not work on the branch, need to do for each leaf. for us is 25 entries per user.
Real pain is you cannot copy these 25 from one user to another so every time new user is created need to do 25 manual entries. Duplicating a user should duplicate all including user, page and report permissions, but does not. A way of copying user permissions would be great.
I don’t have the code I only made the suggestion. To check whether the logged in user has a specified role you can use this :
frappe.user.has_role("Insert Role Name")