Looking for suggestions on implementing dynamic permissions based on assignments or context

Hi everyone,

I’m currently working on a use case where the standard Role-based permission system in ERPNext isn’t flexible enough.

In many scenarios, we need to grant users access to a document only if they are directly involved — for example, through a linked Task, Assignment, or a specific field in the document (like assigned_to or department).

Some examples:

  • A user should be able to edit a Project only if they have a Task assigned that’s linked to that Project.
  • A document should be visible or editable only if the user is listed in a specific field (e.g., assigned_user or responsible_person).
  • Permissions need to be automatically granted based on real-time relationships, not just static Role and User Permission settings.

I understand that has_permission and get_permission_query_conditions can be customized, but I’d like to know:

  • What’s the best way to structure such dynamic, context-aware permissions in a maintainable way?
  • Are there any existing patterns, examples, or apps that already implement this kind of logic?
  • Any caveats or best practices from those who have done something similar?

Appreciate any guidance, examples, or ideas from the community.

Hi

The side bar functionality of Assign To and Share work the same way you want it.

You can assign and share any project and controls a user access being read only or to be able to edit that record at the same time despite that particular user has no access of project module as a user or a manager.

2 Likes

hello @ahsantareen

Thank you for sharing this. Yes, this makes sense — the Share feature does provide record-level access control and works even when the user doesn’t have standard role-based access to the module. We can also automate the sharing process using custom scripts, for example, by auto-sharing a document when a related task is assigned. This approach fits the requirement well and gives us the flexibility we need. Appreciate the insight!