Permission Loophole

Hi,

The new permission structure still needs some work in order to make it user friendly, but I think the most urgent need right now is to close a very obvious loophole that currently exists.

In the old permission structure, there was the option to give document access to a role ‘IF’ certain linked doctypes were allowed for the user. With the new permission structure, you grant the role access to the doctype and then go into every user’s permissions (those who have that role) to ensure they are all restricted appropriately ELSE… and here lies the problem… they will have visibility of all the documents.

A simple classic example is Salary Slips. One of the first issues we noticed with V12 is that once you upgrade from an older version, all Salary Slips become visible to ALL employees! You then need to go into every user’s profile and restrict them to only their own Salary Slips! This is just an example… the same issue can be seen in other areas and becomes painfully obvious whenever you grant doctype access to any widely used role like ‘Employee’.

Suggestion:

We urgently need a checkbox ‘User Permission Required’ in the Role Permission Manager. When this is checked (and it should be by default), the user will not be able to view the doctype unless he/she has at least one user permission defined for that doctype. If the user, however, has a role which permits them to view the doctype without the User Permission restriction, then they can see all records.

This needs to be looked into urgently.

Thanks

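The difference between the behaviour described in the post and the proposed ‘User Permission Required’ checkbox, as an added example that is not part of the original post and is not the project's own code. It is a simplified model: user permissions are reduced to a set of allowed document names, and the `user_permission_required` field, the `HR Manager` role, and the user and slip names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RolePerm:
    role: str
    doctype: str
    # Hypothetical field: the 'User Permission Required' checkbox proposed in the post.
    user_permission_required: bool = True

def visible_docs(roles, role_perms, allowed, docs, doctype, proposed):
    """Return the documents of `doctype` a user can see.

    roles    -- roles held by the user
    allowed  -- document names the user's user permissions restrict them to
    proposed -- False: behaviour described in the post; True: with the checkbox
    """
    grants = [p for p in role_perms if p.doctype == doctype and p.role in roles]
    if not grants:
        return set()                      # no role grants the doctype at all
    if not proposed:
        # Described behaviour: fail open. No user permission means no
        # restriction, so every document of the doctype is visible.
        return docs & allowed if allowed else set(docs)
    # Proposed behaviour: a role with the box unchecked sees all records ...
    if any(not p.user_permission_required for p in grants):
        return set(docs)
    # ... otherwise fail closed: only explicitly permitted documents.
    return docs & allowed

# Constructed sample data.
SLIPS = {"SLIP-ALICE", "SLIP-BOB", "SLIP-CAROL"}
ROLE_PERMS = [
    RolePerm("Employee", "Salary Slip"),
    RolePerm("HR Manager", "Salary Slip", user_permission_required=False),
]
USERS = {
    "alice": ({"Employee"}, {"SLIP-ALICE"}),       # restricted after the upgrade
    "bob": ({"Employee"}, set()),                  # nobody restricted this user yet
    "carol": ({"Employee", "HR Manager"}, set()),  # legitimately sees everything
}

def report(proposed):
    return {name: sorted(visible_docs(roles, ROLE_PERMS, allowed, SLIPS,
                                      "Salary Slip", proposed))
            for name, (roles, allowed) in USERS.items()}

if __name__ == "__main__":
    for label, flag in (("described", False), ("proposed", True)):
        print(label, report(flag))
```

The same comparison is a useful audit after an upgrade: any user whose result differs between the two modes holds a broad role and has no user permission defined.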