Setting up role permission

Hi there,
I am facing difficulty in providing roles for the employee.
What i am trying to do is that allowing employees to view their own profile and not anybodys else.
In the same way they can view only their reports but not anybody else report.
Do i have to set it up in user permission manager for all the employee in the company?
If this is the scenario than it ll be a very tedious task.

Hi @Ujjawal,

Your users are connot see other user’s profile unless you assign them the role of System Manager. And for reports you have to do the tedious job. Sorry but no easy way exists for now. :sweat_smile:

Thanks,
Shachi

1 Like

I didn’t get you @shachiTakalkar. I am talking about the employee Document of other Employee not the user profile. and right now it is visible to an employee who has just the role of employee and no other role.!
Can you help me out with the role permission

Okay!

So to restrict one employee to go through other employee’s documents you can assign each employee a role and then add restrictions to them.

By default each employee is assigned employee role.
So under role permissions manager i am selecting doctype employee and role as employee and if i check “apply user permission” and so it wont display users own profile too.
So what wrong am i doing?

As per the default permission, if Employees are set on these lines, then they are able to see only their Employee master.

  1. Out of HR User/HR Manager and Employee, only Employee Role should be assigned to the User.
  2. In the Employee master, User ID should be set in a relevant field.

In the Role Permission Manager, User Permission is applied by default for Role Employee on the Employee Doctype.

Please check if you have defined User ID in the Employee master.

Yes i can login to the system for the person having just the employee role.
So user id is set.
Can you tell me the under role permission manager what to do.

The default permissions is enough and if you have applied extra restrictions then either remove them or set them to default.

Still employees are able to see everyone else profile.

I looked around for a way to do this easily as well. If you want your employee to be able to see his own record only the best way I have found so far is to remove the “Employee” permission from the employee role, and then from another account share the employee record with that employee.

Go to Setup–>Role Permissions Manager. Choose the Employee role, Remove the rule for the “Employee” Document type.
Then go to the employee record and on the left sidebar share the record with the employee.

A user with no permission set to view a record will only be able to see records that were shared with them.

The following post (#11) is a much better way to do this

On an out of box 7.x installation, if a system user is granted the employee role, then they can see a lot of things actually that they probably shouldn’t. These are my notes as to how to restrict so an employee can only see his/her own record.

All these changes happen in role permission manager.

**DocType**                **Change**
Appraisal              Add Apply User Permission + If Employee
Employee               Add Apply User Permission + If Employee
Leave Application      Add Apply User Permission + If Employee + If Leave Application
Salary Slip            Add Apply User Permission + If Employee
Student Application    Remove Guest Role
Timesheet              Add Apply User Permission + If Employee

Hope this helps. I had to do some test scenarios in my test instance to figure this out. This is an area of the platform that is not well documented.

2 Likes

hi there, @James_Robertson
I’ll try at my end and revert back to you.

Hi there, @James_Robertson,
I Have tried it and i have already set the employee role to apply user permissions but still no luck…
I ll Paste an image for the same.
To allow the employee to see their own profile i have to set it in user permission manager but then i have to set it for all the employees individually.
So it is not the good way.
Can you help me out?

If i keep it as the same way then no employee can see ther own profile as well.
It hides all the profiles.
How i can permit employee to view their own profile?

Hm. I am not sure @Ujjawal. Your setting is the same as mine for the employee role. When I set that setting, the employee role went from being able to see every employee record down to just their own. You do have to set the employee role on all the users you want to have that role set on, there is not a way to do it automatically that I am aware of. Role permissions manager is used to define the role and what permissions it does or does not have on the varying document types in erp. Once you set that, you then have to go into user manager to set the roles you want on your users.

I can confirm that @James_Robertson 's settings work. You must give the employee the “Employee” role and make sure they have no other roles that add more permissions to the employee doctype, permissions are additive, if another role has higher permissions your user will have higher permissions.

You do not need to apply any permissions to specific employees for this to work. Also, don’t forget to reload when you’re testing :slight_smile:

Hi there, @Dbone @James_Robertson
Every Employee when created is pre given employee role. Moreover my employee let say A is already given just an employee role so he cant see his own profile and also when i set exit interviewer for A then the profile is no more visible.
I’ll paste my screen shot for your reference and also will show you the login for that employe so that i can be more clear…

Here are the images for the same.
You’ll see that i have set it as the same and moreover if set user permission for an individual and after that when i set exit interviewer than the employee cannot see their profile later on.

Ok. So your settings appear to be correct in the screenshots you have shown.

I did notice in screenshot #1 that your user shows as “Not Saved” and was last edited 20 days ago. Check that you have an actual Employee record for Daizy Modi that is linked to the user account in the employee record “User ID” field. If you don’t link them the “Employee” role cannot be assigned and saved on that user. If the user email will not show up to select in the “User id” field you might need to temporarily assign another role to that user, then later remove it and have the employee role only.

Also, I was wrong that the user does not need any individual user permissions, they do, BUT the system assigns it automatically to users with that role if you have the “if Employee is permitted” box checked which you do in screenshot #3. Check that you have not removed that auto-assigned user permission for this user. The user permission should be something like: Allow User → [User Email] , If Document Type → Employee, Is → [Users Employee number]

Hi there @Dbone,
Yeah Daizy Modi is already linked and also the Not Saved thing was later saved and then i logged in through userid of daizy Modi itself.
And also in employee the user id is set for Daizy…

So What could be wrong?

Did you check this?