We are redesigning how permissions are customized. There is now a new doctype Custom DocPerm that will be created when a user customizes permissions for the first time. If the doctype has custom permissions, they will be taken as priority over the default permissions.
How is this better?
In the current design there is no way to identify if the user has changed default permissions or not, so they are never updated (even if default permissions are updated)
By this change, if the user has not changed default permissions, they will be updated as they are updated in the core product.
Will these new custom Document Permissions overwrite hard coded permissions? Currently there are some permissions that can’t be overwritten with the current system (ToDo for example).
Would there be a report or something to show how custom permissions are different that out of box so admins and see what is there and can pick those up if needed in customized perms?
This is better from update perspective. Often, the custom permissions are lost when we do the updates.
Also when we change the permissions of a doctype, it updates the doctype json and when we pull from github for updates, git keeps complaining about merge conflicts. This area has been a pain and this change you are proposing will help overcome that.
Besides, keeping custom permissions separate from the core doctype is much cleaner.