ERPNext Conference 2019* ERPNext.com Blog

Permission restriction on Employee


#1

Hi,

We are trying to allow the following restriction for an employee (Employee A) who is also a Leave Approver :

  • For Leave Application : Can view his own (Employee A), can view Employee B who reports to him.
  • For Salary Slip : Can view only his own (Employee A).

Thus, when we are assigning restrictions at the Role Permission Manager,
For Leave Application, for the role of Leave Approver, Apply User Permissions -> If Employee is permitted
For Salary Slip, for the role of Employee, Apply User Permissions -> If Employee is permitted

and under User Permission Manager,
For the user Employee A, he is restricted to Employee A (himself) and Employee B (employee who reports to him)

However, since employee is permitted to be view Employee B, he is able to view his Salary Slip as well. We only want Employee A to view Employee B’s Leave Application, not Employee B’s Salary Slip and other Employee B transactions.

Kindly advice or do feel free to inquire if further elaboration is required.

Thank you.


#2

Hello,

This is working fine in my test account.

As per the default permission, access of Employee role is restricted based on “Employee” field. Please check permission for the Salary Slip is configured as mentioned in the screenshot.

May I know which roles are assigned to the User? As elaborated, it should only be Employee and Leave Approver Role assigned to User.

In the Employee master of Leave Applicant, have you listed Leave Approver?


#3

Hi @umair, thank you for your response.

Salary slip is indeed configured as following :

User A - Employee, Leave Approver
User B - Employee

Thus, User A should have a view of User B’s Leave Application but not Salary Slip.
If User Permission Manager is like this :

And if I set Apply User Permissions at Salary Slip and set to Employee Doctype like you had shown, would’nt that mean Employee A can view Employee B’s Salary slip as well.

Thank you for your patience in helping us understand.


#4

what could be the solution for this for v11?