Hello @Patrick.St, thanks for your reply.
I’ve just taken some time to dig into what DocShares is on versions 12/13 but can’t find any definition for it. I can understand up to the first bullet, but the rest is beyond my mind.
For my requirement, here is an example:
I have 3 users that should have access to 5 specific accounts with numbers in the CoA, e.g. (1100, 1200, 1500, 5100, 5200).
I want to create a Role to access those accounts -“Just like when you create a user permission to allow access for each user to each account”- and assign this role to the 3 users.
The benefit here: instead of creating 5 permissions for 3 users = 15 specific permissions
-painful on scale and changing users permissions, right?-
I would create 1 role and 1 allow permission for this role… then add the N number of users to this role.
See this introduction: Sharing
Based on Shares you can define on document level which user can read/write/delete/share. In contrast to UserPerm it is “more granular”, but UserPerm would allow you to also manage the access based on the links within a DocType.
Ok, now I get your requirements. As far as I understand, there is no out-of-the-box solution like the one you are describing. Depending on whether you want to manage access for only one specific document or also for nested/linked documents, I would go ahead with Shares or UserPerms.
As it would be very hard to keep track of the permissions (share or userperm), I would suggest extending the given methods / creating a wrapper which gets the group as a parameter and manages “internally” the users that are part of that group.
Sure, at the end, it is what you don’t want to have - many permissions. But why not? Validating permissions is fast.
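The wrapper idea suggested above (pass a group, manage the per-user permissions internally), as an added example that is not from the thread or from Frappe/ERPNext. It is a plain in-memory model that calls no Frappe API; `GroupGrant`, `reconcile` and the sample users are hypothetical, and each row stands in for one UserPerm or DocShare record. Each generated row is tagged with its source group, so removing a user from the group revokes exactly the rows that group created.

```python
from dataclasses import dataclass, field

@dataclass
class GroupGrant:
    """Hypothetical 'role': every member may access every listed account."""
    name: str
    members: set = field(default_factory=set)
    accounts: set = field(default_factory=set)

def desired_rows(grants):
    """Expand groups into flat (user, account, source_group) permission rows."""
    return {(u, a, g.name) for g in grants for u in g.members for a in g.accounts}

def reconcile(grants, existing):
    """Return (to_add, to_remove) that bring `existing` in line with the groups.

    Rows whose source_group is None were created by hand and are never touched.
    """
    want = desired_rows(grants)
    managed = {row for row in existing if row[2] is not None}
    return want - managed, managed - want

def apply_changes(existing, to_add, to_remove):
    """Apply a reconcile() result to the stored rows."""
    return (existing - to_remove) | to_add

def demo():
    # Constructed sample data: 3 users, the 5 account numbers from the question.
    users = {"u1@example.com", "u2@example.com", "u3@example.com"}
    grant = GroupGrant("coa-readers", users, {"1100", "1200", "1500", "5100", "5200"})
    manual = ("u1@example.com", "9999", None)   # hand-made permission, unmanaged
    store = {manual}
    add, remove = reconcile([grant], store)
    store = apply_changes(store, add, remove)   # 15 managed rows + 1 manual
    grant.members.discard("u3@example.com")     # user leaves the group
    add2, remove2 = reconcile([grant], store)   # nothing to add, 5 rows to revoke
    store = apply_changes(store, add2, remove2)
    return len(add), len(remove), len(add2), len(remove2), store

if __name__ == "__main__":
    print(demo()[:4])
```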
This is the SAP approach: each role is assigned some filter conditions such as company A, order type Xx, etc. In SAP these filter fields are called org levels. I tried to implement the SAP permission 3 years ago; due to its complexity it was not accepted.
Oh wow, I wasn’t aware of that. I also have a long/strong background, especially in SAP CRM (and therefore, for sure, its auth./perm. approach).
As described before, we right now make heavy use of DocShares, query_conditions, UserPerms and the technical/business roles. It is working well, though it is not ideal, as it is hard to maintain/extend. Therefore we will evaluate what you did in that PR and check its compatibility with v13.
Have you ever made use of your PR in a production environment, or did it never pass the development/conceptual level?
“Business Roles” are, within our approach, a custom DocType that is managed within each Contact. This means: we have a settings area where we define in general what “Business Roles” exist, and those can be assigned within each Contact to define what a contact “is” in daily business.
Based on a custom implementation, we create DocShares (and UserPerms) based on documents and the Contact + Business Role information.