[v11]: Resets custom permissions of multiple doctypes?


Recently updated to v11-staging from v10, honestly even this time around having a lot of issues like the users are unable to access the Sales Orders or Delivery Notes or doctypes, the primary reason for the same seems to be the permission error.

Now the permission error in the console does not say which doctype if causing this permission error which would have been very helpful to figure out which doctypes’ permissions needs to be checked instead it just tells us it’s a permission error.

Is there a way to find which doctypes’ permissions are causing this error?

My request to the development team to include that once frappe encounters a permission error it should at least tell which doctype is causing such error so that the system manager could easily resolve the error and also its a prior warning to those users who have heavy custom permissions that upgrading to v11 would definitely break those permissions if you have had some custom permissions done.

Just for future references what could be the best way forward to having custom permissions, my take is that instead of using the STANDARD roles system managers should make custom roles and assign them to the users so in that case they are rest assured even if the default permissions are changed their system would not be compromised.


i Second this opinion, a clear message should be displayed to help users understand and resolve issues.

1 Like

Permissions are a critical part of an ERP setup. Migrating from one version to another shouldn’t break them! In the event that there’s no way around that, a clear understanding of the breaking changes and steps to remedy them needs to be communicated to users

The team needs to consider this carefully before final release of V11


I figured out why the permission are breaking in v11 vis-a-vis v10

The reason is that earlier permissions had limit by doctype checkbox for certain user roles but now that checkbox is removed so the system now considers every role to be limited by doctypes mentioned in their user permission list which I think is not desirable.

Suppose Sales User have a customer mentioned in their user permission list and you want that user NOT TO BE LIMITED by any customer then you would have to remove the Customers from the user permission list. Also if you want other roles like Sales Representative to be limited by customer on SO, DN and SI then the problem is if there is NO CUSTOMER mentioned in the user permission list of the user then the system would show the SO for ALL CUSTOMERS which is a MAJOR SECURITY BREACH to say the least and hence even I would request the team to relook into the new permissions since they are though very robust but still miss on certain aspects of a normal working environment.