Linking a user permission role with current login session ,

I want to link certain roles to certain login sessions –
Use Case
Employees will login from their own id , and dont have invoicing privileges , only inventory , On Managers approval they can act as a cashier and can do invoicing ,
So employees will press a button (grant cashier access) which will ask for managers userId /password,

and once manager approves it , his current session will get access to invoicing (role permissions) for his current login session only ,

when he logs out , the permissions will be reverted and not have sales permission any more.

how can i link permissions to specific login sessions?

Thanks in advance.

Alright I think you are doing this in order to secure your installation. I don’t have any ideas about how you or somebody can go about implementing this but in the meantime you can use other features to secure your system.

You can restrict users to a single session, in fact you can restrict to a static IP address too if you want.

Actually not securing the installation , it’s for providing access to employees as mentioned , there are multiple employees in the company , they all have Thier accounts and work in shifts ,

Single IP solution is actually valid but there are multiple locations , and the employee can be given permission any of them any time … also if the location network is down they should still be able to using other temp connection . …

But once they logout … permission gone .

Each time the manager has to give them access to the role just by entering his credentials.

One possible solution would be to set a flag in the session parameter then whoever has that flag will get that permission to those documents… so on each concerned document check would be there for the flag.


But I don’t know a way to add a flag to the session parameter frappe.user.session