How can I mix between Role Permissions and User Permissions?

Role Permissions and User Permissions are great, but I can’t figure out how to mix them.

Let’s take the Sales Order for example, and we have 3 Roles: Sales Manager, Sales User, and Field Agent.

Then we have Territory as a (restrictor) or controller field to use on User Permissions.

The challenge here is that if I used User Permissions, then ALL Sales Orders that don’t belong to the same Territory will be completely hidden.

My optimal output would be to allow the Sales User to READ/SELECT ALL Sales Orders, BUT WRITE/EDIT only the same Territory, and use the rest of Role Permissions capabilities like Perm Level and so on.

Sales Managers will have permissions on all Sales Orders.
Sales Users will have DELETE IF CREATOR, CREATE, READ and WRITE IF SAME TERRITORY.
Field Agents will have down to Perm Level options across all Sales Orders, and another set of options on the same Territory.

Doable out-of-the-box?

Another minor question: what is Select in the Role Permissions? How is it different from Read?

Select will give permission to select that Doctype in various forms, while Read will allow viewing that Doctype in full in read-only mode. For example, if you give someone only Select permission on Employee, that user can select the Employee field in the data entry forms but cannot go to the Employee Doctype and see the Employee records, while Read permission will allow both selecting and reading the record.

Thanks,

Divyesh Mangroliya

Clear, thanks!