Permission problem with "Fetch From" solved, but is there a better way?

Hello Gentlemen,
I created a new DocType called Lizenz, which contains these fields:

In employee_name the property “Fetch From” is set to “employee.employee_name”. Nothing special so far: fetch the full name of an employee after an employee is selected in the link-field.

But this only works if the current user has read-access to doctype Employee. We only want to grant “Select” to the users who are supposed to use doctype Lizenz:

If a user with role “ITUC Lizenzen” updates field “employee”, this error occurs:


Translation: “You need Read-Access to fetch the values from Employee…”

I also checked “Ignore User Permissions” on the fields “employee” and “employee_name”, but the error persisted.

My solution:
I removed “Fetch From” from “employee_name” and wrote a client script to make a call to the backend whenver “employee” is changed:

frappe.ui.form.on('Lizenz', {
	employee(frm) {
		frappe.call({
			method: "erpituc.erpituc.doctype.employee.employee.get_employee_name",
			args: {
			  "employee" : employee,
			},
			callback: function(r) {
				frm.set_value("employee_name", r.message);
			}
		});

Backend:

@frappe.whitelist()
def get_employee_name(**args):
    employee = args.get('employee')
    return frappe.get_value("Employee", employee, "employee_name")

This works fine so far, but I think there should a better way. It’s obviously a common usecase to grant “Select” to “Employee” and fetch the full name or other selected data without exposing the full data of “Employee”.

The existence of Option “Ignore User Permissions” in the field properties hints at an existing solution, but how is it applied?

Tried something else: customized Employee, set “Ignore User Permissions” for field employee_name.
Didn’t work either.