Try ERPNext Try Frappe Cloud Buy Support Partners Foundation

Limit user visibility to project members and restrict access

Dear community,

I would like to restrict the visibility of other users (eg. within “assign to”/ “shared with” and mention-possibility within the comment section or in emails) to the members of a project. In best case I could set a hierarchy, like:

  1. Project Manager: Can see/ mention/… all users part of this project and assign also new members from the ERPNext user list
  2. Project Member: Can see/ mention/… only members of the project in context of a project. No new assignments/ shares possible
  3. Guests: The customer is in addition limited to access only a few information (eg. attachements, comments) and no other information, in relation of the project.

Reason for this is, that I don’t want to know “Project Members” and “Guests” working on a specific project, which other users exist in ERPNext.

Is this possible to be done by configuration?

Thanks in advance!

I think, a part of my requirements can be done by setting up the roles and perm level (https://docs.erpnext.com/docs/user/manual/en/setting-up/articles/managing-perm-level) properly.

What I couldn’t figure out right now is, how to limit the visibility of the autocomplete-fields (so that all autocomplete is limited to the users assigned to the project).

To achieve this use user permission.
You can give permission to the users based on different criteria.

https://docs.erpnext.com/docs/user/manual/en/setting-up/users-and-permissions

Hello!

  1. It is necessary to define the role of the user whose access should be restricted (role with restriction).
  2. You need to customize the doctype fields by assigning access rights not 0 to the fields that they do not need to see.
  3. For a Restricted Role, give access a level 0.
  4. Also set the “If creator” setting for the role.
  5. Let the project manager “share with” specific users.

This will allow the user with the restricted role to see only the specific Tasks that has been shared with them. And not see fields with a higher access level.

Hope this helps.

1 Like

This worked for me - thanks a lot!