ERPNext.com Frappe Cloud Support Partners Foundation Frappe School

Unable to configure permissions correctly for different levels

I am trying to provide write access to two different roles on mutually exclusive group of fields. For example, I have created a DocType TestUser containing First Name, Last Name, Email, Mobile fields. There are two roles, say Manager and CEO. First Name and Last Name are assigned level 0 and Email and Mobile are assigned level 1. In Role Permission Manager below is the permission given

LEVEL 0 FIELDS - First Name, Last Name
LEVEL 1 FIELDS - Email, Mobile

LEVEL 0 - MANAGER ROLE - READ & WRITE AND CREATE
LEVEL 1 - MANAGER ROLE - READ
LEVEL 0 - CEO ROLE - READ
LEVEL 1 - CEO ROLE - READ & WRITE

Manager is able to create, update and save different records as per permissions, but for CEO level 1 fields are editable and level 0 fields are read-only as expected, but I am unable to save the details entered by CEO. Is this expected? Is there any way to achieve this use case? I am using ERPNext: v13.10.2.

Thanks

I’m guessing it’s because of this?

Generally we define all base permissions (Read, Write, Delete, Email) on level 0. Try testing it by giving CEO Read and Write on some level 0 fields and check.

Thanks @kennethsequeira, but for my usecase I don’t want CEO to be able to edit fields with permission level 0. Simply put the idea is to be able to configure field level read and write access for different roles. Is there a way to achieve this?