Hi All,
As you are aware, we are working on introducing Employee Self Service (ESS) for our customers soon.
Design
Following are the changes made in the current product to introduce the ESS feature:
1. User Type
A new doctype called User Type
has been added. User Type can be edited by the System Manager (and the Admin) only. However, the System Manager has the right to give rights to anyone to edit/add/delete the User Type doctype.
Website User and System User will be standard user types and these cannot be deleted or edited. However, non-standard (Custom) user types can be deleted, created, edited. By default, delete rights are not given to any user.
User Type is created so that in the future we can introduce “User Type” based pricing.
In the User Type doctype, you need to define the following:
a) Role and User Permissions: The role for which this User type is applicable. In our case, the role, ESS User is applicable against the User Type, ESS User. Also, since all ESS employees will be restricted to their own records, defining the same here will automatically create User Permissions for that ESS user.
b) Document Types: Here, for now, the System Manager is free to add max. 10 doctypes in total including a max of 3 custom doctypes. (We can change the max no. of standard and custom doctypes later on based on feedback).
The above table also acts as the Role Permission Manager for this particular User Type (ESS User in our case). ESS User as a role won’t be accessible in the general Role Permission Manager.
You can expand the row of the table to give read, write, create, cancel, amend, delete access to the ESS User for that particular doctype as shown in the screenshot below.
Based on the doctypes that the System Manager adds, the 3rd table, “Allowed Modules” in the User Type doctype gets updated. For example, we have added doctypes related to the HR and Payroll module in the “Document Types” table. Based on this, the “Allowed Modules” table gets updated and the ESS user will only be able to see these 2 modules on his desk and the doctypes defined here in these 2 modules. This table is non-editable.
Since “Allowed Modules” has been translated into a table for custom User Types (ESS User), the allow modules section in the User master won’t be visible for such users. Also, the Roles section won’t be visible for such users in the User master.
Roles and Allowed Modules section will be visible only to users who have Standard User Type, i.e. to System and Website Users.
c) Document Types (Select Permissions Only): In this table, you need to list down all the doctypes that you want the ESS user to have SELECT access to. There is no limit to the no. of doctypes you can add here.
2. ALL role removed from Role Permissions Manager
So ALL is a role that every user has by default. All the doctypes that ALL has access to, every user will have access to it by default.
To restrict the System Manager to give access to doctypes not listed in User type to the ESS User via ALL role, the ALL role has been removed from Role Permission Manager, i.e. it exists, but it won’t be accessible to the System Manager in RPM.
NOTE: ALL role (for the Custom doctype) will only be visible to the Administrator.
3. User Type editable in User master
When you create a new user now, you will get a quick entry which will also give you the option to select the User Type (link field).
If no roles are given, the User Type will be “Website User”. If any role having desk access is given, then automatically the User Type becomes “System User”.
To make the user an ESS user, go to the User master, under the “Security Settings” section, change the User Type to “ESS User”.
On doing so, automatically the user will be assigned the role of ESS User
. What you will have to do next is create an employee record for this user, and tag the User ID of this employee under the “ERPNext User” section in the Employee master as shown in the screenshot below.
Please leave your feedback/suggestions as a comment on this post. This will help us to release this feature sooner.