Role Permission Issues in Custom Fleet App - Lists & Link Fields Are Auto-Filtered by Employee ID

I’m working on a custom Frappe app for managing vehicle fleet. Inside the app, I introduced custom roles to control access to various resources/doctypes. I’ve created new User and Employee records, assigned them to these roles, and added the roles to the permissions array for all doctypes in my app. Essentially, all the expected setup is in place.

However, I’m facing an issue:
When logged in as a Fleet Manager (one of the custom roles), I’m unable to see the full list of records for several doctypes. Instead, I always see an orange-colored “cancel filter” icon at the top-right of the list view. Clicking it opens a modal showing that the data is being auto-filtered by certain parameters - mostly the Employee ID of the auth user.

For example, when I try to view the list table for Trips, Vehicle Assignments, etc., the system filters out all records except those associated with my employee record. In the screenshot below, there are vehicle assignment records in the database, but I can’t see them on the table because they’re being filtered out.

I experience the same problem when creating a record that depends on selecting/linking an employee. For example, when attempting to select a Driver (Employee) in order to create a new vehicle assignment record, the employee link field only shows the current auth user’s employee record, even though other employees exist. No other employee appears in the dropdown. See the screenshot below.

To resolve this, I opened the Role Permission Manager and granted the Fleet Manager role all permissions for doctypes like Employee and Vehicle Assignment. But even after doing that, the employee dropdown still only shows my own record, and the list views remain filtered. See screenshot below.

How can I fix this automatic filtering?
Is there a setting or permission I’m missing that prevents these doctypes and link fields from being restricted to the currently logged-in employee?

Any guidance will be greatly appreciated.

If I have understood your question properly, try this:
In the doctype permissions extra fields (little pencil), untick “Show only if owner”.

Thanks, but they’re all unchecked already.

This sounds like User Permissions.

Does the Fleet Manager user have a User Permission set restricting the Employee doctype? I think ERPNext/HRMS might create these automatically to restrict access to things like Salary Slips, but they would have the effect you’re seeing as well if you tried to use Employee as a Link field for other purposes.

I created a new user permission record to allow the Fleet Manager access to each of the employee records, and now I can see them in both the employee select dropdown and the employee list table. Thanks for the suggestion @peterg

To test this for HR, I created a new user and assigned the “HR Manager” role to the new user. Just like with the other user accounts, I couldn’t see the list of employees with the HR Manager account. I’d have thought the Role Permissions Manager together with the permissions array defined in the doctype JSON would be enough to define who has access to what records.

This means that if I have over 500 employee records, I’d have to create over 500 User Permission records for each user that needs access to all employee records? That seems very counterintuitive.

Role Permissions grant access to a document. User Permissions filter access by link fields.

If you want a manager to see Leave Requests just for their department, for example, you would create:

  • a Role Permission that grants visibility of all Leave Requests
  • a User Permission that restricts that visibility only to documents linked to the desired department.

This is powerful but unintuitive (and, in my opinion, dangerous).

In your case, the existence of a User Permission constraining Employee links is preventing your intended functionality. If you delete all User Permissions, it will work the way you intend. This may open up permissions in the HR module, however, which probably isn’t your intention.

If I were in your shoes, I’d probably create a new DocType “Driver” and have the employee record link to that. Changing defaults for Employee is likely to have many unintended effects.

1 Like

This was the issue all along. Thanks for the tip. So I see that whenever I create an employee record, by default, two (2) user permission entries are made that limit access to records associated with both the employee ID and the associated company ID. On deleting those entries, I get full access.

With that understanding, using a Driver doctype instead of Employee makes sense.

Thanks for the help.

1 Like

Pls help me out on this. @peterg

In my app, employees can create requests for trips, and when doing that, they should be able to provide details of other passengers that’ll travel with them on the trip. Passengers can either be fellow employees or guests. To add passengers who are employees, they need to be able to search and select employees for that purpose. With my current understanding of permissions in Frappe, that’ll be difficult to achieve without having to either expose all employees’ records to every user or modify user permissions each time an employee needs to add passengers to a trip request.

How would you suggest I go about handling this scenario? Or maybe I still don’t understand how permissions work?

On another note, I think I can use frm.set_query() on the employee dropdown, but not sure how to go about doing that for a child table with multiple rows of the same select dropdown.

I was just playing around to test out what you were describing here, and I saw an “Ignore User Permissions” field in the Customize Form tool that I hadn’t noticed before. This might allow you to do what you’re looking to do both here and in your original question.
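Added example, not Frappe’s own code: a small Python model of the rules described in the thread, so the interaction between a Role Permission on a DocType, the two User Permissions auto-created per Employee (employee and company), and the “Ignore User Permissions” checkbox on a single Link field can be tested offline. The real engine lives in frappe.permissions and frappe.model.db_query; the DocType names, record names and user address below are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class LinkField:
    fieldname: str
    options: str                           # linked DocType, e.g. "Employee"
    ignore_user_permissions: bool = False  # "Ignore User Permissions" checkbox

# Role Permissions: role -> DocTypes the role may read (read only, simplified).
ROLE_PERMS = {"Fleet Manager": {"Vehicle Assignment", "Employee"}}

# User Permissions: user -> {restricted DocType: allowed record names}.
# The two entries the thread reports Frappe creating per Employee record:
# the employee itself and its company (constructed sample values).
USER_PERMS = {"fleet.mgr@example.com": {"Employee": {"EMP-0001"}, "Company": {"Acme"}}}

def visible(user, roles, doctype, link_fields, record):
    """Can `user` read `record` (dict with 'name' and link field values)?"""
    # Step 1: a Role Permission must grant read on the DocType at all.
    if not any(doctype in ROLE_PERMS.get(role, ()) for role in roles):
        return False
    restrictions = USER_PERMS.get(user, {})
    # Step 2a: a User Permission on the DocType itself scopes its own list
    # (why the Employee list shrinks to the user's own record).
    if doctype in restrictions and record["name"] not in restrictions[doctype]:
        return False
    # Step 2b: every Link field pointing at a restricted DocType must hold an
    # allowed value, unless that field has "Ignore User Permissions" ticked.
    for lf in link_fields:
        if lf.ignore_user_permissions or lf.options not in restrictions:
            continue
        if record.get(lf.fieldname) not in restrictions[lf.options]:
            return False
    return True

def visible_names(user, roles, doctype, link_fields, records):
    return [r["name"] for r in records if visible(user, roles, doctype, link_fields, r)]

# Constructed sample data: two assignments, only one driven by EMP-0001.
ASSIGNMENTS = [{"name": "VA-0001", "driver": "EMP-0001", "company": "Acme"},
               {"name": "VA-0002", "driver": "EMP-0002", "company": "Acme"}]
EMPLOYEES = [{"name": "EMP-0001", "company": "Acme"}, {"name": "EMP-0002", "company": "Acme"}]
USER, ROLES = "fleet.mgr@example.com", ["Fleet Manager"]
DEFAULT_FIELDS = [LinkField("driver", "Employee"), LinkField("company", "Company")]
# Same form, but with "Ignore User Permissions" ticked on the driver field only.
RELAXED_FIELDS = [LinkField("driver", "Employee", True), LinkField("company", "Company")]

if __name__ == "__main__":
    print(visible_names(USER, ROLES, "Vehicle Assignment", DEFAULT_FIELDS, ASSIGNMENTS))  # ['VA-0001']
    print(visible_names(USER, ROLES, "Vehicle Assignment", RELAXED_FIELDS, ASSIGNMENTS))  # ['VA-0001', 'VA-0002']
    print(visible_names(USER, ROLES, "Employee", [], EMPLOYEES))  # ['EMP-0001']: Employee list stays scoped
```

Relaxing the one Link field lifts the filter only on that form, whereas deleting the user’s User Permissions (a user absent from USER_PERMS in this model) also exposes the full Employee list, which is the HR-side effect the thread warns about.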

Oh wow, thanks for that! 🙏

Thanks for nudging me in this direction! I don’t use User Permissions myself much, so I wasn’t aware that field existed. 🍻

1 Like