Simpler Roles and Permissions

Araskho · December 11, 2021, 10:00am

Hi everyone.
I have read all related docs but I think the systems for roles and permissions is highly tailor able but is lacking simplicity and good defaults.
Most businesses have the following users:
Some one who makes sales and should be able to : 1- input invoices 2- give discounts 3-know stock availability
some one who handles stocks: 1- delivery note 2-purchase receipt
some one who handles buying: 1- purchase invoice
and It’s very important that sales and stocks don’t have access to product cost, value and expenses and purchase access to sales data.
Please correct me if I am wrong (am a novice) but right now I don’t know what roles to check on top of that I must handle these things with permission levels in every Doc separately.
But I think restricting financial data and sales/purchase channels in a company makes common sense.
Would be nice if there were some basic default roles which include these things.

JayRam · December 11, 2021, 6:41pm

Hi Araskho,

I think ERPNext has perhaps got the most versatile user Roles & Permissions. With that comes complexity of course. But actually it’s not all that complex. You just have to play around a little bit, and you will be able to configure Roles & Permissions very close to what you want it to be.k

Thanks

Jay

peterg · December 12, 2021, 7:04am

This is the paradox of roles and permissions. We want them to be simple, but we need them to be complicated. The details are always messy.

For example, the three roles you describe here:

are pretty much exactly what the default roles “Sales User”, “Stock User”, and “Purchase User” are designed to do. Is there something about how they’re implemented that doesn’t work for your use case?

Araskho · December 12, 2021, 8:27am

yes, right now sales users can’t issue invoices, also they have access to product value and buying prices and other costs.
Yeah what I’m suggesting is changing these rules so that they include the above mentioned issues.

peterg · December 12, 2021, 8:53am

The invoice question is tricky. In many organizations, the sales team issues Sales Orders but the Invoices are handled by the accounts team. That’s the hard part: no single set of permissions is going to work for everyone, and the question of best defaults gets very subjective.

For purchase prices, where are your sales users seeing those? It’s possible my set up is different, but my sales users can’t see purchase details.

Araskho · December 13, 2021, 8:35am

well they can, both in stock and sales they can see item values.
and I really don’t think that most operations have someone other than sale issuing invoices.