User Permissions is still a pain. On ERPNext Cloud the highest number of setup queries are regarding user permissions and we need to fix it.
The core reason this fails is that there are 3 keys to user permissions and you need to edit two views to set them:
- Role Permission Manager (Apply User Permission - select doctypes)
- Make “User Permission” Rules.
There is NO VIEW that helps you to understand the permissions.
Here is our proposal:
Remove roles from user permissions
How will this help? There will be only one view to set user permissions: just create the “User Permission” records and, based on this, the user will see only those which the user has been assigned for that doctype (not extrapolated to user).
Restrict User A to Project X and Y
This has probably 15 steps
- Go to all DocTypes (like Tasks, Invoices, Expenses) that have “Project” link and check “Apply User Permission”
- Select “Project” DocType in each of them
- Create “User Permission” record for User A for Projects X and Y
All Tasks, Invoices, Expenses etc restricted for User A to Projects X & Y
(Note: provided, the user does not have another role that allows)
- Create User Permission record for User A to restrict Project X & Y
User A restricted to all transactions that have “Project” link to Projects X & Y
Ignore User Permissions check?
That will still apply!
Please let us know your views!
We can also apply granular permissions by adding an option in “User Permissions” to apply to all linked DocTypes or specific ones.
Role permissions stay as they are.
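
A minimal Python model of the access check the proposal above describes, added here as an illustration and not taken from the Frappe/ERPNext code base. The schema, role table, record field names and the choice to deny documents whose link is blank are all assumptions of this sketch.

```python
from dataclasses import dataclass

# Constructed schema: doctype -> {link field: (target doctype, "Ignore User Permissions" ticked)}
LINK_FIELDS = {
    "Task": {"project": ("Project", False)},
    "Sales Invoice": {"project": ("Project", False), "customer": ("Customer", False)},
    "Expense Claim": {"project": ("Project", True)},  # field opts out of the check
}
# Role permissions are unchanged by the proposal: role -> readable doctypes (constructed).
ROLE_READ = {"Projects User": {"Task", "Sales Invoice", "Expense Claim", "Project"}}

@dataclass(frozen=True)
class UserPermission:      # hypothetical stand-in for a "User Permission" record
    user: str
    allow: str             # restricted doctype, e.g. "Project"
    for_value: str         # record the user is allowed to see

def allowed_values(user, doctype, records):
    """Record names the user is limited to for `doctype`; None means no restriction."""
    values = {r.for_value for r in records if r.user == user and r.allow == doctype}
    return values or None

def can_read(user, roles, doctype, doc, records):
    # 1. Role permission is evaluated first and is never widened by user permissions.
    if not any(doctype in ROLE_READ.get(role, ()) for role in roles):
        return False
    # 2. If the doctype itself is restricted, the document must be an allowed record.
    own = allowed_values(user, doctype, records)
    if own is not None and doc.get("name") not in own:
        return False
    # 3. Every link to a restricted doctype must point at an allowed record,
    #    with no per-doctype "Apply User Permission" setup. Blank links fail closed.
    for field, (target, ignore) in LINK_FIELDS.get(doctype, {}).items():
        if ignore:
            continue
        allowed = allowed_values(user, target, records)
        if allowed is not None and doc.get(field) not in allowed:
            return False
    return True

# Constructed sample data: User A restricted to Projects X and Y.
RECORDS = [UserPermission("a@example.com", "Project", "Project X"),
           UserPermission("a@example.com", "Project", "Project Y")]
```
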