Hi,
We are trying to build an independent app on top of APIs provided. While starting the application, we are loading some meta data like docType information, docfields and their option etc, which basically requires a role of system manager or administrator, hence their credentials are needed to be set in the configuration.
While shifting to production environment, we don’t want to expose the admin credentials inside the code, so we were thinking of creating a role which only has basic reading rights for DocType and DocFields, so, is there way to assign another role with only read permssions to doctype DocType ??
you can do that with setting the doctype permission
or if you want do with API i think you could do make the custom method only for reading them
@bobzz_zone Doctype permissions are disabled by default for doctype “DocType” (I’ll just call this “doctype DT” from now onwards), and it’s not available in role permission manager either. We can also touch mariadb, but is there a cleaner solution?
Then make it enable by script or change the permission via database if you really need to
or makes a hooks to prevent update a doctype for certain user
I would like to know how you could solve this situation, because for example, when a user needs to select a DocType (ie Party List), this method is called frappe.desk.form.utils.validate_link?value=Shareholder&options=DocType&fetch=&_=1592682924796 and there is no way to assign read permission for Doctype doctype. Thanks.