ERPNext.com Frappe Cloud Support Partners Foundation Frappe School

How set permission for a role to only be able to edit records they Created, but still see the other peoples' records

I need to give a branch accountant the ability to:

  • Add new suppliers with the ability to edit their information.
  • View and create invoices for the other suppliers that he didn’t create.
    As in the image, I can’t add two different permissions for the role being the creator, and for the same role being only a viewer and not a creator of the record (supplier)

If I Check “Only if creator” he will not able able to even view the other people’s suppliers.
If I try to add a clone of this permission with the same 0 level but unchecking the "Only if creator nothing happens.
Any suggested solutions?

  • Add new suppliers with the ability to edit their information.
    Give him the permissions to Read, Write and Create for the document Supplier.

  • View and create invoices for the other suppliers that he didn’t create.
    Give him the permissions for to Read and Create for the document Purchase Invoice.

As in the image, I can’t add two different permissions for the role being the creator, and for the same role being only a viewer and not a creator of the record (supplier)

You can ignore this permission, it is to restrict the User from seeing Invoices created by other Users, since you don’t want it, keep it unchecked.

Unfortunately, if I give him the “Create” permission, without “Write” ability he won’t be able to create new invoice. When He creates a new one, it is all grayed out as in the image:

So, if I give him the permission to write and create, and uncheck “Only if Creator”, he will be able to edit other users’ draft invoices, unless I use a work around and add another restriction permission like a branch or territory which is considered a complication in the workflow

What I need is a way to allow him to view other people’s invoices, without editing, and create and edit his own invoices.

I found the solution finally:

You can create two role permissions for the same Role, and document.

  • one of them for the role being the creator
  • and the other for the role as a viewer only (not the creator)

It only works if you add the role permissions in this order:

  • First: Add a role permission for the role and check “Only of Creaor” - with more permissions like writing and creating.

  • Second, Add the same permission of the same document for the same role

and it will be added as a copy of the one in the previous step, but (Only if creator) is unchecked.

Now, a user given these role permissions will be able to:
Create new customers, edit them and add details at any time.
View customers created by other users and view their details in the customer master, and create invoices for these customers.


If you create a role permission while unchecking “Only if creator” first, you won’t be able to create the other “Only if Creator” role permission.

5 Likes

Hello,
I tried this in V13,but it is not working. May I know what version you are using?

I used it in V12, and with V13, I didn’t test it thoroughly in V13, but I guess it works for me with the following condition:
Permissions can’t intersect between being an owner and not and owner. check the image below:

You will find that the permissions in the “Only if creator” section, are taken off from the user when he is not an owner.
For example: if you give him the ability to read in both (an owner, and not an owner), He won’t be able to read unless he is the creator of the document, because you made a limited permission in the (only if owner condition)
So, what you should do is: give write and amend only to the owner (Also submit and cancel if you want). And give all the other permissions to the other (Non-Owner) cases.

I understood your point about not intersecting permissions. I did the same thing


The user with role “General” is only able to see the record he created.
Did you add any other permission type?

After retesting this on my current V13, I found that the system only uses the “Only if Creator” conditions and doesn’t use the other “non-creator” permissions selected.
I guess the solution should be in editing the pythin files responsible for permission conditions, which I have no experience to deal with. @ sabiyamalbari

1 Like

For the new commers’ information, this solution used to work on V12, but no longer working in V13 (this comment is with an installation updatd to 13.9

I think it was a “useful” bug in V12 but “unfortunately” has been closed in v13.

1 Like

`

Set permission for a role to only be able to edit records they Created, but still see the other peoples’ records

`Is there any other solution for this use case. Can customization help?

I believe that Workflows can make this possible. As some states can be checked for “Self Approval”. I am not sure of that, I am still playing around with the Workflows to get it perfectly useful for my work.
You don’t believe that I was watching a video from your channel before writing this comment. :slight_smile:

1 Like

In version 13.14 they made a minor change in “if_owner” to enable one user to have two roles, one as owner, and other as a reader only. I have not tried it yet, but I guess it will help. I will update after trying it.

fix: if_owner constraint being applied wrongly by sagarvora · Pull Request #14471 · frappe/frappe (github.com)

1 Like