I am having trouble figuring out how to use Role Permissions to deal with Price Lists.
If I enable Sales Users to have Read permission for the Price Lists, then they automatically get access to the “Standard Buying” price list as well as all of the selling price lists.
Our commercial customers include more than a dozen Organizations with multiple franchises. Those franchise networks (about 16 of them) have negotiated special pricing for certain products. This means that we have to support 16 different custom “Selling” price lists (for those franchise networks) as well as the “Standard Selling” price list (17 in all). We also have more than 50 sales users.
We only want to restrict access to the Standard Buying price list.
Is there any way to do this WITHOUT having to create over 850 individual User Permissions entries?
The only thing I see in permissions is the Role Permission which grant access to the Price List doc type (which includes the Standard Buying). And then also the User Permissions which can be used to ALLOW access to one price list. (There is no DENY access setting)
my understanding is that you would like to restrict sales users from seeing standard buying item price, if this is case, then you can try the list query condition python script.
kindly share more details with sample data, e.g user account, role assigned, price list , item price etc. then I will try to provide you sample code for reference.
if only maintaining too many user permission records is the problem, as only link field is supported in user permission, other viable option is converting the buying, selling check field into a new link field,
Highlight of the steps involved.
create new customized doctype Price List Type with 3 records: Buying,Selling, Buying and Selling
2.create new customized link field price_list_type in price list and item price doctype
create new python event script(for before save event): auto populate the new link field based on whether buying/selling is checked via python script.
create user permission record applicable on the new customized doctype, select value selling.
Yes, absolutely my biggest concern is managing so many individual user permissions. The sales people turn over fairly frequently and that would mean deleting all of the user permissions for the user that leaves the company and creating all of the permissions for the new person. I would be doing this every 2 weeks on average. That is how often someone is replaced.
This is an interesting approach to a solution. This would reduce the overall user permissions to a single one for each user. I will play around with that over the weekend in one of my sandbox servers to see if I can make it work.
I screwed up the links and it didn’t work. Well, actually a bit more than that. I continued to build on the screwed up parts, constantly trying to fix the symptoms and missing the causes of the problems until I completely broke it. I am resetting the server to start over again.
I am not anything close to a developer and making this all work (while not really complicated) still is intimidating for someone like me.
However, I am not afraid to break something and start over. I have one of my techs rebuilding the server and restoring the database today during his break times.
if not frappe.db.exists("Has Role", {"parent": frappe.session.user, "role": "Purchase Manager"}):
conditions = 'buying = 0'
It will check to see if users have the role “Purchase Manager” (for example), and if they don’t it will restrict their access to only price lists where buying is unchecked.
