I’m having an issue where certain users don’t have access to documents that they should have access to.
Specifically, the users can’t see ToDo documents, even through they should have permissions to. However, they can still access those missing ToDo documents through the linked document (in this case the Item document). The issue is that they cannot search for them in the ToDo list view.
Here are the ToDo document permissions:
Here is the user setup for roles:
Here are the user permissions:
Here is a snapshot of the total number of permitted ToDo documents from the user:
And here is a snapshot of the total number of ToDo documents that I can see:
I can’t really see anywhere else that might govern what documents users can see, and I don’t see any explanation for why some users don’t have visibility on certain documents (while still having access to the documents themselves).
Firstly, please confirm if you are using Assign To functionality to assign documents to other colleagues?
As per the standard permissions, if a document is assigned to the User, ToDo record is created for it, and both Assigner and Assignee is able to access it as a ToDo record. It doesn’t require specifying specific permissions.
Also, standard permissions rule is assigned to that a User can access ToDo assigned to him and assigned by him. Other ToDo records where he/she is not involved won’t be visible to that User.
Thanks for responding umair.
No, the user isn’t being assigned the documents. However, I can’t see why this is an issue, as other users that haven’t been associated with the ToDo can see them. Is there a way to set it up so that every user can see eachother’s ToDo tasks? I would have thought that the “If Owner” or “Apply User Permissions” check boxes would control whether a user needs to be associated with the ToDo task for them to see it, but as you can see from the screen shots, those aren’t checked for many of the Role based rules that are being used.
I believe permissions restriction on Todo is embedded in the code itself. @ManasSolanki can you please check and confirm it?
Actually ToDo is a part of frappe framework which is viewable if either owner or assigned_to or System Manager in roles. You can apply the permissions on the erpnext document type but in case of some frappe documents permission manager doesn’t handle permissions rather it is implicitly embedded in the code itself.
Thanks for clearing this up.
I take it in this case, the Role Permission Manager doesn’t handle the permissions. Is that by design, or is there any particular reason for it? I can’t really understand why the document permission manager wouldn’t be used for this. In my case I want certain users to be able to see the tasks for other users, without giving them administrator access.
It seems counter-intuitive to have the Role Permissions Manager tool be able apply permissions for a document if those permissions won’t get applied. If there is a specific reason that the permissions manager doesn’t get used here, it would make sense to remove the document from the Role Permissions Manager so that there isn’t a false sense of being able to control permissions on this document.