Proposal to refactor user permission based on SAP's authorization object concept

Hi,

I’m also tempted to adopt the SAP model, but I think that in a doctype-centric system it might not be an intuitive design.

My proposal:

Today in ERPNext, the roles are controlled like in the screenshot below.

What if we added the ability to include constraints and custom activities as shown in the screenshot below? I think we would have effectively achieved everything that SAP’s authorization model achieves while still working in a familiar framework.

Roles could then be combined in Role Profiles (or Composite Roles). The only difference from the current implementation of Role Profiles would be that there would be a one-to-many relationship between Users and Role Profiles, and these assignments would have validity dates.

New concepts added to current authorization framework are highlighted in blue. Let me know what you think.

Regards,
Chude

1 Like
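A sketch of how the proposed model could be evaluated, added here as an illustration; it is not part of the original post and is not ERPNext or Frappe code. Every name in it (`Rule`, `Assignment`, `is_allowed`, the roles, profiles and dates) is hypothetical, and the constraint format (field name mapped to allowed values) is an assumption, since the post's screenshots are not available.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical model of the proposal; none of these names are ERPNext/Frappe API.
@dataclass
class Rule:
    doctype: str
    activity: str  # standard ("read", "write") or custom ("approve")
    constraints: dict = field(default_factory=dict)  # fieldname -> allowed values

@dataclass
class Assignment:  # one user can hold many profiles, each with validity dates
    profile: str
    valid_from: date
    valid_to: date

# Constructed sample data
ROLES = {
    "Sales Clerk": [
        Rule("Sales Order", "read"),
        Rule("Sales Order", "write", {"company": {"ACME East"}}),
    ],
    "Sales Approver": [
        Rule("Sales Order", "approve", {"company": {"ACME East", "ACME West"}}),
    ],
}
PROFILES = {
    "Sales Staff": ["Sales Clerk"],
    "Sales Lead": ["Sales Clerk", "Sales Approver"],
}
ASSIGNMENTS = {
    "alice": [
        Assignment("Sales Staff", date(2024, 1, 1), date(2024, 12, 31)),
        Assignment("Sales Lead", date(2024, 6, 1), date(2024, 6, 30)),
    ],
}

def is_allowed(user, doctype, activity, doc, on):
    """Default deny: allow only if a rule from a currently valid profile matches."""
    for a in ASSIGNMENTS.get(user, []):
        if not (a.valid_from <= on <= a.valid_to):
            continue  # assignment expired or not yet active
        for role in PROFILES.get(a.profile, []):
            for rule in ROLES.get(role, []):
                if (rule.doctype, rule.activity) != (doctype, activity):
                    continue
                # Every constraint must hold; a missing field fails closed.
                if all(doc.get(f) in ok for f, ok in rule.constraints.items()):
                    return True
    return False
```

The validity check runs before any rule is considered, so a temporary profile such as the one-month "Sales Lead" assignment stops granting the custom `approve` activity the day after it ends, without anyone having to revoke it.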