Hi everyone,
I’ve been exploring how role-based permissions are structured in the Frappe Framework and comparing them with what I’m used to in SAP systems, especially while reviewing topics from the C_SEC_2405 certification that focus on role maintenance, authorization objects, and segregation of duties.
While testing access control setups in Frappe, I ran into a challenge where complex permission dependencies (for example, combining document-level access with field restrictions) didn’t behave as expected when users had overlapping roles. It reminded me of similar issues I’ve seen in SAP PFCG when derived roles override parent role authorizations.
Has anyone implemented a reliable strategy in Frappe for managing layered role hierarchies or resolving conflicts between multiple role assignments? I’m curious how you maintain a clean separation of duties while still keeping flexibility in permissions.
I’ve been referencing various best-practice guides and even reviewing Pass4Future SAP Security Administrator (C_SEC_2405) materials to understand how role inheritance models can be adapted to other frameworks, but I’d love to hear real experiences from those who’ve handled this directly in Frappe.
Thanks in advance for any insights or examples from your implementations, I’m especially interested in how you approach permission validation or audit tracking in complex setups.
Britanneywiley