Specific user has Create, Save permissions assigned for Company using Role named ERP Accountatnt Manager.
But same user is restricted in User Permissions to DocType Company and Company#1, which is mother-company. User is not allowed to see or manage any other top-level companies.
The issue is, currently mentioned user cannot create new companies at all. Has anybody any experience configuring permissions for this kind of schema?
I use erpnext version 15
If the user does not have access to any other companies, why do they need to have create option for company?
If you want the user to create companies then it should be obvious that they should have permissions to that company. Right?
How is it that the user has permission to create companies (which should obviously be a very high level role) but not have access to that company?
Just remove the user permissions, create the company and reset the permissions if required. I don’t see any practical use cases for this scenario to warrant any changes though.
If the user does not have access to any other companies, why do they need to have create option for company?
Simply, user must create companies that are childs to mother-company, where user is fully allowed. We have multiple companies, but this specific user manages only a part of those.
If you want the user to create companies then it should be obvious that they should have permissions to that company. Right?
Please read my post again and notice “But same user is restricted in User Permissions to DocType Company and Company#1, which is mother-company.” User has full access and permissions to mother comapny. It is obvious.
Just remove the user permissions, create the company and reset the permissions if required. I don’t see any practical use cases for this scenario to warrant any changes though.
User cannot have permissions to change user’s permissions, so one cannot change itself permissions to add a company, and then get back to previous permission settings - it’s unacceptable. It is also not acceptable, that any super-user at any time must change permissions for user to allow him to create new child-companies. It must configured and must not require any attendance or super-user managing.
Practical case for this scenario is simply to be allowed to create child-companies, as child-companies are strictly linked to mother-company in our business structure and this is a separate tree of connections and relations, and only a specific user manages this structure.
Also projects are strictly linked to companies, and user cannot see projects and tasks from other top-level companies.
├── Company #1 - mother - user has full access
│ ├── Child-company 1
│ ├── Child-company 2
│ ├── …
│ └── …
├── Company #2 - user is not allowed
├── …
└── …
As I mentioned in my post, now user cannot create any company.