New User Sees Workspaces, Reports, and Dashboards

I have created a new user with no roles, role profiles, workspaces, or module profiles, yet, when that user logs in, he has access to “Build,” which includes the list of workspaces, reports, and dashboards. This user does have a user type of “System User.” Shouldn’t this user see nothing when logging in? How do I remove access to the workspaces, reports, and dashboards?

This is the shortcut.

  1. Edit current user.
  2. Make sure at least one role applied on this user, you can’t go to next step if the user doesn’t have role applied.
  3. After applying minimum one role on current user then “module profile” options should appear, if current user doesn’t have any role then “module Profile” options doesn’t appeared.
  4. Uncheck the “core” and the “global” module profile and save.
  5. Reload the browser and now the “workspace” should be dissapeared.
  6. If you need the current user see empty then uncheck all of “module profile”, any role you’ve applied on the 2nd step doesn’t affect.

Sorry for the long explanations, i did assuming you are a new using this erpnext.
Good luck.

When I want a user to be something other than “Website User” but do not want them to have access to anything really, I just create a role called “Newbie” and then I give the new user that role only.

The role is not applied to any document or report, so they see nothing until I assign the next role the new user is trained to use. Once they are trained and assigned other roles I uncheck the “Newbie” role from their profile.

Ok, so why do this? Well, it is the first thing to do to get new users in the habit of logging into the system. They get to make all the mistakes around the login process before they are actually able to do any harm to the system.

Never give anyone “System User” because it is essentially reserved for the ability to do almost everything short of being the Administrator.

Hope this helps.


this is much more simpler :+1:

@bkm how do you think I can overcome the challenge of allowing users via and update doctype via REST API but not able to view or edit same doctype if they login to ERPNext directly?

I am sorry, I do not use the REST API so I could not really tell you how to differentiate the users with it.