Permission in Version 4

Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for "Department Head" role with condition "Department in Employee matches User Property department." This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f982330b-c2fc-4435-a38a-0ce0532f28a0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hello Mayur,


In ver 4, You can manage role permission @

Setup > users and permissions > user permission manager > edit role permission (above quick help section)

----
Sunil
Nescode (http://nescode.com)
Partner for ERPNext

On Thursday, August 21, 2014 7:22:12 PM UTC+5:30, Mayur Patel wrote:
Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for “Department Head” role with condition “Department in Employee matches User Property department.” This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/40173a21-0d2c-48f0-8cb8-1d0a4c091478%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



@rushabh_mehta
via mobile

On 21-Aug-2014, at 7:22 PM, Mayur Patel <ma...@gmail.com> wrote:

Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for "Department Head" role with condition "Department in Employee matches User Property department." This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Pretty much the same way. In version 4 user property is "user permission".

You also have to check "apply user permissions" where you want the rules to apply. For eg in leave application.


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f982330b-c2fc-4435-a38a-0ce0532f28a0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/3BE4B709-8805-46AA-A307-98AE4484B052%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

Hi Rushabh,

I am also the one who feels like Alice in wonderland with regards to permissions in v4.

I am still to understand that what purpose does the v4 permissions solve more than the ones we had in v3.

I think a better thing would be to have 2 or 3 examples written out for permissions manager, since long I have been trying to make some permissions for the my sales persons where we could limit them dynamically based on the sales person and then if a sales person is able to see a customer then he/she must be able to see that customer's transactions

If they have been given access to the transactions. I know I have been asking for the long shots but I guess that would make the system a great one to say the least.

I think a better thing would be have scenarios explained by customers where we could see which cases are not possible in the current permission manager.


On Thursday, August 21, 2014 8:51:26 PM UTC+5:30, Rushabh Mehta wrote:


@rushabh_mehta
via mobile

On 21-Aug-2014, at 7:22 PM, Mayur Patel <ma...@gmail.com> wrote:

Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for "Department Head" role with condition "Department in Employee matches User Property department." This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Pretty much the same way. In version 4 user property is "user permission".

You also have to check "apply user permissions" where you want the rules to apply. For eg in leave application.


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f982330b-c2fc-4435-a38a-0ce0532f28a0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/75eb69bd-ffca-4703-98f0-83e10e71f9e3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Does reading this help? https://erpnext.com/user-guide/setting-up/permissions


-Anand

On Thursday, August 21, 2014, Addy <ad…@gmail.com> wrote:
Hi Rushabh,

I am also the one who feels like Alice in wonderland with regards to permissions in v4.

I am still to understand that what purpose does the v4 permissions solve more than the ones we had in v3.

I think a better thing would be to have 2 or 3 examples written out for permissions manager, since long I have been trying to make some permissions for the my sales persons where we could limit them dynamically based on the sales person and then if a sales person is able to see a customer then he/she must be able to see that customer's transactions

If they have been given access to the transactions. I know I have been asking for the long shots but I guess that would make the system a great one to say the least.

I think a better thing would be have scenarios explained by customers where we could see which cases are not possible in the current permission manager.


On Thursday, August 21, 2014 8:51:26 PM UTC+5:30, Rushabh Mehta wrote:


@rushabh_mehta
via mobile

On 21-Aug-2014, at 7:22 PM, Mayur Patel <ma...@gmail.com> wrote:

Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for "Department Head" role with condition "Department in Employee matches User Property department." This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Pretty much the same way. In version 4 user property is "user permission".

You also have to check "apply user permissions" where you want the rules to apply. For eg in leave application.


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f982330b-c2fc-4435-a38a-0ce0532f28a0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/75eb69bd-ffca-4703-98f0-83e10e71f9e3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/CAAQzbF3FMiLu6kUbbKtBw6dxm2fi%2B2pF7ZvybWmcD%3DUcShvkbg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Aditya,

Did you read this?

https://erpnext.com/user-guide/setting-up/permissions/user-permissions

User permissions from 3 to 4 are not that different, it just might take a little getting used to. The main difference is

1. Instead of "fieldname", permissions are now set on values of link fields (like Territory or Company) (which is more correct IMO)
2. Links are automatically validated, if user permissions are applied (Ideal for restricting documents by Company, Territory, Department, which are the most common use cases).



@rushabh_mehta

On 21-Aug-2014, at 11:00 pm, Addy <ad...@gmail.com> wrote:

Hi Rushabh,

I am also the one who feels like Alice in wonderland with regards to permissions in v4.

I am still to understand that what purpose does the v4 permissions solve more than the ones we had in v3.

I think a better thing would be to have 2 or 3 examples written out for permissions manager, since long I have been trying to make some permissions for the my sales persons where we could limit them dynamically based on the sales person and then if a sales person is able to see a customer then he/she must be able to see that customer's transactions

If they have been given access to the transactions. I know I have been asking for the long shots but I guess that would make the system a great one to say the least.

I think a better thing would be have scenarios explained by customers where we could see which cases are not possible in the current permission manager.


On Thursday, August 21, 2014 8:51:26 PM UTC+5:30, Rushabh Mehta wrote:


@rushabh_mehta
via mobile

On 21-Aug-2014, at 7:22 PM, Mayur Patel <ma...@gmail.com> wrote:

Hi There,

In version 3, we were able to use condition to define permission. For example, in version 3, one can add a Read permission on Employee doctype for "Department Head" role with condition "Department in Employee matches User Property department." This gives department head read access over for all employees from the same department. When a new employee gets added to the same department, the department head automatically able to see this new employee. How do you achieve the same in version 4?

Pretty much the same way. In version 4 user property is "user permission".

You also have to check "apply user permissions" where you want the rules to apply. For eg in leave application.


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f982330b-c2fc-4435-a38a-0ce0532f28a0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/75eb69bd-ffca-4703-98f0-83e10e71f9e3%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/F85182E1-B8A2-463B-B09F-5D99A9FBAE2E%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

Thanks Rushabh, Anand, Aditya and Sunil.

It seems that permissions in version 4 doesn't seem to work for us. Or it may not have been setup correctly. We migrated a copy of our production ERPNext server to version 4 using migration script. We noticed following issues:

In version 3 we have followings:
   - For a role called "HR User" we setup role permission to allow them to see all the employees in the departments they are assigned to via user property 'Department'
   - For a role called 'PO user' we setup permission to allow them to see all the POs for the companies they have been assigned to via user property 'Company'. We have 6 companies in our instance. Some PO User have been assigned to multiple companies via user property 'Company'.
  - There is a user call Alison, who has been assigned with HR User role and also PO user role. We have assigned 'Project' and 'Operation' departments to her department User Property. We have assigned YPL and SM companies via company User Property.
  - In HR Module, on Employee screen she sees all the employees from the departments Project and Operation.
  - She is able to see all POs from both YPL and SM.
  - Please note that we have customised Purchase Order screen to include Department custom field. It gets automatically filled based on user's default department when they create a PO. We use this department fill for reporting and also for restricting its access for certain users.

In Version 4 (after migration):
 - HR User has been setup with "apply user permissions" checked.
 - PO User has been setup with "apply user permissions" checked.
 - Alison can see all the employees that are part of her departments. Same as version 3.
 - Alison is only able to see POs from her departments rather then the for the companies she assigned to. I think this is happening because the system is applying department user permission as it is defined for this user. How do we resolve this? Please note that Department field is a custom field that is setup on the Purchase Order doctype and it is needed. It can't be taken off.


Also we notice that in version 3, Alison has only one record for employee property type. but in version 4, there are multiple records for Employee user permission. Why is this?


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/7fd75db2-d4dc-4005-91a5-83b62c4de12a%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



On 22-Aug-2014, at 3:37 pm, Mayur Patel <ma...@gmail.com> wrote:

Thanks Rushabh, Anand, Aditya and Sunil.

It seems that permissions in version 4 doesn't seem to work for us. Or it may not have been setup correctly. We migrated a copy of our production ERPNext server to version 4 using migration script. We noticed following issues:

In version 3 we have followings:
   - For a role called "HR User" we setup role permission to allow them to see all the employees in the departments they are assigned to via user property 'Department'
   - For a role called 'PO user' we setup permission to allow them to see all the POs for the companies they have been assigned to via user property 'Company'. We have 6 companies in our instance. Some PO User have been assigned to multiple companies via user property 'Company'.
  - There is a user call Alison, who has been assigned with HR User role and also PO user role. We have assigned 'Project' and 'Operation' departments to her department User Property. We have assigned YPL and SM companies via company User Property.
  - In HR Module, on Employee screen she sees all the employees from the departments Project and Operation.
  - She is able to see all POs from both YPL and SM.
  - Please note that we have customised Purchase Order screen to include Department custom field. It gets automatically filled based on user's default department when they create a PO. We use this department fill for reporting and also for restricting its access for certain users.

In Version 4 (after migration):
 - HR User has been setup with "apply user permissions" checked.
 - PO User has been setup with "apply user permissions" checked.
 - Alison can see all the employees that are part of her departments. Same as version 3.
 - Alison is only able to see POs from her departments rather then the for the companies she assigned to. I think this is happening because the system is applying department user permission as it is defined for this user. How do we resolve this? Please note that Department field is a custom field that is setup on the Purchase Order doctype and it is needed. It can't be taken off.

On the department field, for the Role PO User, check "Ignore User Permissions"


Also we notice that in version 3, Alison has only one record for employee property type. but in version 4, there are multiple records for Employee user permission. Why is this?


Could be an issue with the patch... There should be only one record.


Kind regards,
Mayur Patel




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/7fd75db2-d4dc-4005-91a5-83b62c4de12a%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/28BBB413-AE5F-495E-A8C2-D47592586CE8%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

Hi Again,

I think one option may be to check "Ignore User Permissions" for Department field for Purchase Order doctype. right?

Could you please still answer 2nd question?  see below.

we notice that in version 3, Alison has only one record for employee property type. but in version 4, there are multiple records for Employee user permission. Why is this?

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f55a6fa7-7fdb-4195-b143-f2f4aedf4e37%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


On the department field, for the Role PO User, check "Ignore User Permissions"

How do you do this? I don't see department field for the Role PO user?


MP



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/072103d8-7711-4792-9fb2-ab6e58fbb0a2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Sorry in the field not Role Permissions.

Please read this:

https://erpnext.com/user-guide/setting-up/permissions/user-permissions



On 22-Aug-2014, at 3:45 pm, Mayur Patel <ma...@gmail.com> wrote:


On the department field, for the Role PO User, check "Ignore User Permissions"

How do you do this? I don't see department field for the Role PO user?


MP



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/072103d8-7711-4792-9fb2-ab6e58fbb0a2%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/EF09137F-BF07-4398-94B6-2D39AFA6B4DC%40gmail.com.

For more options, visit https://groups.google.com/d/optout.


On 22-Aug-2014, at 3:42 pm, Mayur Patel <ma...@gmail.com> wrote:

Hi Again,

I think one option may be to check "Ignore User Permissions" for Department field for Purchase Order doctype. right?

Could you please still answer 2nd question?  see below.

we notice that in version 3, Alison has only one record for employee property type. but in version 4, there are multiple records for Employee user permission. Why is this?

Are they any different. Please raise a GH issue for this.


Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f55a6fa7-7fdb-4195-b143-f2f4aedf4e37%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/356CA769-DAA9-492C-A610-E7F49BCD8924%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

Hi Rushabh,

I read that article multiple time before starting this topic. If I check  "Ignore User Permissions" for Department field for Purchase Order doctype then it will completely ignore user permission.  As I mentioned in my earlier post, we use this department fill for reporting and also for restricting its access for certain users. We have another role called "Department PO User" for these users. We  have setup this role to restrict their access to POs from only their department. So if we ignore permission on the Department field then it will not work for these users. Any suggestions?

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/efaab303-54bc-48e7-85e4-b199165c6546%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Mayur,

Well, if the user has any one permission (via Company or Department) then the document should be visible.

@Anand can you verify if the restrictions are applied as AND or OR?


On 22-Aug-2014, at 4:02 pm, Mayur Patel <ma...@gmail.com> wrote:

Hi Rushabh,

I read that article multiple time before starting this topic. If I check  "Ignore User Permissions" for Department field for Purchase Order doctype then it will completely ignore user permission.  As I mentioned in my earlier post, we use this department fill for reporting and also for restricting its access for certain users. We have another role called "Department PO User" for these users. We  have setup this role to restrict their access to POs from only their department. So if we ignore permission on the Department field then it will not work for these users. Any suggestions?

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/efaab303-54bc-48e7-85e4-b199165c6546%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/9246D53F-47E1-4B6B-A010-1C86ADD88EEB%40gmail.com.

For more options, visit https://groups.google.com/d/optout.



On Friday, 22 August 2014 11:28:32 UTC+1, Rushabh Mehta wrote:

On 22-Aug-2014, at 3:42 pm, Mayur Patel <ma...@gmail.com> wrote:

Hi Again,

I think one option may be to check "Ignore User Permissions" for Department field for Purchase Order doctype. right?

Could you please still answer 2nd question?  see below.

we notice that in version 3, Alison has only one record for employee property type. but in version 4, there are multiple records for Employee user permission. Why is this?

Are they any different. Please raise a GH issue for this.

Yes, they are different. I have added an issue in GH. https://github.com/frappe/frappe-bench/issues/25.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/f55a6fa7-7fdb-4195-b143-f2f4aedf4e37%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/89503021-4f07-4d9a-af3a-fcc232dfde82%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi Rushabh,

I think they are AND. But we will wait for Anand to confirm it.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/d5bae375-c3a2-4aff-830f-34ec389fb3d0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

They are AND

A user will be restricted for Company in (X, Y) and Department in (A, B, C)

-Anand. 

Sent from my phone

On 22-Aug-2014, at 16:53, Mayur Patel <ma...@gmail.com> wrote:

Hi Rushabh,

I think they are AND. But we will wait for Anand to confirm it.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/d5bae375-c3a2-4aff-830f-34ec389fb3d0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/5F69A96C-F75F-4965-8F80-DE60E7E7B1BB%40iwebnotes.com.

For more options, visit https://groups.google.com/d/optout.

Maybe we should make it OR, it might fix a lot of issues.

@rushabh_mehta
via mobile

On 22-Aug-2014, at 5:21 PM, Anand Doshi <an...@iwebnotes.com> wrote:

They are AND

A user will be restricted for Company in (X, Y) and Department in (A, B, C)

-Anand. 

Sent from my phone

On 22-Aug-2014, at 16:53, Mayur Patel <ma...@gmail.com> wrote:

Hi Rushabh,

I think they are AND. But we will wait for Anand to confirm it.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/d5bae375-c3a2-4aff-830f-34ec389fb3d0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/5F69A96C-F75F-4965-8F80-DE60E7E7B1BB%40iwebnotes.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/2D4031E3-3799-4D0A-90DD-D03FF9D07086%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

‎Hi Guys, 

Nice to see I'm not the only one who noticed this issue : )

As shown in my thread on this same issue, ‎the fundamental problem with the permission manager in version 4 is that it doesn't allow specific roles to override user permissions (unless you ignore the permissions altogether which is usually unacceptable) 

Version 3 handled this better because you could just set a matching condition for a role and that would automatically give users with that role access to all the docs in the list that matched their respective user permissions

The best solution that was offered (which I believe is currently being worked on) is to allow ignoring of user permissions for specific roles. In Mayur's case for example, ignoring user permissions on the Department field for role PO User should solve the problem 

Cheers!


Kind regards,
Olawale ‎
From: Anand Doshi
Sent: Friday, August 22, 2014 12:52 PM
To: er...@googlegroups.com
Reply To: er...@googlegroups.com
Subject: Re: [erpnext-user-forum] Permission in Version 4

They are AND

A user will be restricted for Company in (X, Y) and Department in (A, B, C)

-Anand. 

Sent from my phone

On 22-Aug-2014, at 16:53, Mayur Patel <ma...@gmail.com> wrote:

Hi Rushabh,

I think they are AND. But we will wait for Anand to confirm it.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/d5bae375-c3a2-4aff-830f-34ec389fb3d0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/5F69A96C-F75F-4965-8F80-DE60E7E7B1BB%40iwebnotes.com.

For more options, visit https://groups.google.com/d/optout.





You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/20140822125827.5378180.66677.9686%40xavierltd.com.

For more options, visit https://groups.google.com/d/optout.

‎Hi Rushabh, 

Trust you're doing great. Not so sure that's a good idea. Check out the following scenario:

-An employee is restricted to seeing only his employee form because he has his Employee ID defined in his user properties

-Same employee also has Department defined in his user properties so that the department field is automatically populated and marked when he raises a document (as in Mayur's example)

-If restrictions are set to OR then it means that this employee (and every other employee who has Department defined in their user properties) will be able to view employee forms for everyone in his department! 

Best solution is still ability to ignore user permissions on fields ‎for specific roles (IMO)

Cheers! 


Kind regards,
Olawale ‎
From: Rushabh Mehta
Sent: Friday, August 22, 2014 1:52 PM
To: er...@googlegroups.com
Reply To: er...@googlegroups.com
Cc: er...@googlegroups.com
Subject: Re: [erpnext-user-forum] Permission in Version 4

Maybe we should make it OR, it might fix a lot of issues.

@rushabh_mehta
via mobile

On 22-Aug-2014, at 5:21 PM, Anand Doshi <an...@iwebnotes.com> wrote:

They are AND

A user will be restricted for Company in (X, Y) and Department in (A, B, C)

-Anand. 

Sent from my phone

On 22-Aug-2014, at 16:53, Mayur Patel <ma...@gmail.com> wrote:

Hi Rushabh,

I think they are AND. But we will wait for Anand to confirm it.

Kind regards,
Mayur Patel



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/d5bae375-c3a2-4aff-830f-34ec389fb3d0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/5F69A96C-F75F-4965-8F80-DE60E7E7B1BB%40iwebnotes.com.

For more options, visit https://groups.google.com/d/optout.



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/2D4031E3-3799-4D0A-90DD-D03FF9D07086%40gmail.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/20140822131646.5378180.88841.9698%40xavierltd.com.

For more options, visit https://groups.google.com/d/optout.