I would expect that not every user can create projects, and not everyone can see all projects unless they’ve explicitly been granted permission (i.e. had the project shared with them). But this doesn’t seem to be the case. I’m on V11. Any user I create can see all the projects that have been created.
How do I restrict people from having access to projects unless they’ve been granted such? When I try sharing a project, I see that I can add users and there’s an entry for “everyone” that doesn’t have any of the boxes checked. So it seems like the framework is there, but it isn’t working.
Thanks in advance.
You need to set the user permissions.
That is helpful to know, thank you. But the strange thing is that by default any project created can be viewed/edited/deleted by any user. With the permissions, I see how to give someone permissions, but I don’t see how to take away permissions to view/edit/delete projects.
If you can elaborate a little on that, it would be most helpful.
Interesting. I went in to user permissions and granted one user permission on a project (Setup -> User Permissions, filled out the user with the desired user, Allow is “Project”, and I chose one of the several projects I have set up in the “For Value” field, and “Apply to All Document Types” is checked). That user who previously could see all projects can now only view the one that I put in the “For Value” field.
I tried the same thing for a different user, and it didn’t change anything other than now in the Projects view, there’s a “Restricted” icon in the top right.
I again find it odd that permissions to view projects would be automatically granted and that the only way to revoke viewing is to explicitly grant permission to view the intended projects. I find it even more odd that the same action taken on different users has different results.
Thanks in advance for any clarifying anyone can do.
have you found a solution for the behavior?
@Basawaraj_Savalagi, can you confirm, that this is a bug or is it “Works as Designed”?
It looks like a bug to me, because it means that every new user who gets access based on a role to a DocType, he will be able to see (and access) all documents within that doctype, until a user permission for a specific document has been added - then the ListView gets “Restricted” and limited to documents, where a specific User Permission has been set.
We have found a workaround for the issue: As soon as a user get assigned the role to access a DocType, we will add a UserPerm, that restricts a DocType with "For Value == ".
This cannot be done via the Desk-Frontend, as “For Value” is a mandatory field and cannot kept empty. But the programatic approach based on the role-assignment will work.
I don’t like the workaround much, but until we find another approach, this will make sure, no not permitted access happens.