I’ve implemented all the necessary permissions to enable users to Read and Edit only their own Leave Applications.
Additionally, non admin Employees have access to limited fields in Employee Doc. Therefore, all Employees are able to view a list of other Employees (in HR) and a subset of Employee fields in the Employee form. This is to serve as a company directory.
When an Employee (other than self) is opened, under ‘Related Documents’ at the top of the form are Leave Application, Expense Claim, etc.
How do I make sure that an Employee cannot ‘create’ Leave Application, Expense Claim etc for anyone other than self.
At the moment, clicking the new from ‘Related Documents’ creates a new Leave Application with the selected Employee being pre-selected. Currently I have made this read only using permissions to prevent changes but I need to prevent creation of a new Leave Application (if not self) altogether.
You should use “User Permissions” to restrict the user to see only his own employee record.
Please check https://frappe.github.io/erpnext/user/manual/en/setting-up/users-and-permissions/user-permissions
I think you haven’t understood my predicament well.
When I use ‘User Permissions’, Employee can only see 1 record (their own) in Employee List or wherever.
This is not the functionality I want. What I need is the Employee to see all other Employees and have access to subset of fields. That I have already achieved via ‘Permission Level’.
The problem is: When an Employee opens any employee’s record, they have access to Menus (the ‘New’ button in ‘Related Documents’) that allows the Employee to Create New Leave Application, Expense Claim etc for Other Employees. The current User/employee should only be able to create their own Leave, Claim, Timesheet etc. New should be invisible for others.
Please see attached file for screenshots.
It seems we need a way to apply permissions to the Employee dashboard. Or is there any (code-less?) way of resolving this?
I was busy with ERPNext Conference, could not reply yesterday.
Yes, if you have set User Permissions based on Employee and applied user permissions in Leave Application, then it should not allow to set other employee value in Leave Application, while creating from Related Documents. We will try to fix it. Can you please create an issue in github with the above screenshots and your permission settings?
May you share your configure because i’m facing the same issue with you, that mean current login user can create and submit Leave application of other user.
Thanks for advance dkeith
We almost face the same problem.
I am the system administrator and I have all permissions granted to my user account. When I try creating a timesheeht for an employee, I get a message informing that my permissions are insufficient. Please advise.
We have the same problem when we try doing that through the APIs.