I appreciate the utility of the workflow. That’s the process the Employee document tries to automate too. I would still say though that it doesn’t actually fix the issue, which is that it is necessary to give users universal access before that access can be restricted by another document.
It’s not a fix! It’s a workaround that may work for some. Shared it as an idea if it helps someone.
Ah, I misunderstood what you were saying! Thanks for sharing the insight.
Oh boy! This would be awesome!!! I know some seasoned Frappe implementation teams that still struggle with this design because it’s just counter-intuitive. Several times users are given access that they shouldn’t have just because of this very issue… still had to fix one just a couple of days ago.
The suggestion you have made does seem very light but would make a WORLD of difference. I hope this gets built and merged yesterday!
Kind regards,
I had this problem some time ago and it is certainly scary every time that I have to give permissions to a user, not to say give the responsibility to someone else.
Even though it looks like it’s going to be another year without any attention to this, your post is of great help for us, the community, especially the newcomers.
I wish there could be a non-official ERPNext Tips and “be aware of” for these kinds of things.
Thanks Peter
Thanks @peterg for the explanation and highlighting this problem. I had written in the past that ERPNext has serious confidentiality issues as a user is able to escape their permissions - as certain standard reports do not force the use of filters (default is blank).
Don’t know if this fix will address that? A branch accounts user (assigned to a specific accounting dimension or cost center) given access to the standard P&L or Balance sheet report can see the P&L for the whole company even if a user permission was set to only allow documents for the branch cost center.
Hi @ankush
Looks like this PR went cold… Is there a plan to revive it or is the issue being addressed some other way?
Kind regards,
So as I see, there is no implementation of any of these permission features yet? How did @szufisher handle the problems? I would love to help to implement this. I really need a strong permission system and the current one is really bad…
I have also seen the danger of the current user permission. And I attempted to fix it with a new doctype “DocType Permission”.
As soon as this document is created, there will be no permission to this document. And then by adding each Role’s Additional Permission, the permission will be added (using an OR condition).
So, the combined condition would be,
doc_perm_conditions = (false OR role_1_cond OR role_2_cond)
This doc_perm_conditions will then be ANDed with other permission query, user permissions.
It works for me so far, but do you see any flaw?
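The composition described in the post above, as an added example that is not part of the original thread and is not the poster's implementation: the role conditions are ORed onto a false seed, then ANDed with the other restrictions, and the result is run against constructed rows in SQLite. The table, role names, conditions and function names are all hypothetical.

```python
import sqlite3

# Hypothetical role -> SQL condition table; the fragments are assumed to be
# written by a trusted administrator, never taken from end-user input.
ROLE_CONDITIONS = {
    "Auditor": "status = 'Draft'",
    "Branch Accounts": "status = 'Submitted'",
}

def doc_perm_conditions(role_conditions, user_roles):
    """(false OR role_1_cond OR role_2_cond) for the roles the user holds."""
    parts = ["0"]  # the "false" seed: a user with no listed role matches no rows
    parts += [f"({role_conditions[r]})" for r in sorted(user_roles)
              if r in role_conditions]
    return "(" + " OR ".join(parts) + ")"

def combined_where(role_conditions, user_roles, other_conditions=()):
    """AND the role block with the other restrictions (e.g. user permissions)."""
    clauses = [doc_perm_conditions(role_conditions, user_roles)]
    clauses += [f"({c})" for c in other_conditions]
    return " AND ".join(clauses)

def demo_db():
    """Constructed sample rows, not taken from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoice (name TEXT, cost_center TEXT, status TEXT)")
    conn.executemany("INSERT INTO invoice VALUES (?, ?, ?)", [
        ("INV-1", "Branch A", "Draft"),
        ("INV-2", "Branch A", "Submitted"),
        ("INV-3", "Branch B", "Submitted"),
    ])
    return conn

def visible_names(conn, where):
    """Names of the rows that the combined condition lets through."""
    rows = conn.execute(f"SELECT name FROM invoice WHERE {where} ORDER BY name")
    return [r[0] for r in rows]

if __name__ == "__main__":
    conn = demo_db()
    branch_a = ["cost_center = 'Branch A'"]  # stands in for a user permission
    for roles, extra in [(set(), []), ({"Branch Accounts"}, branch_a),
                         ({"Auditor", "Branch Accounts"}, [])]:
        where = combined_where(ROLE_CONDITIONS, roles, extra)
        print(sorted(roles), "->", visible_names(conn, where))
```

A user holding no listed role gets `(0)` and sees nothing, which is the deny-by-default behaviour the post is after; adding a role can only widen the OR block, and the ANDed restrictions still narrow it.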
Seems a smart solution. If there is any user request, I will try.
Thanks for sharing.
We came up with this extension. It is used with custom frappe framework apps. It is not currently used with ERPNext. It should work.
Home page: https://frappe-manual-castlecraft-b249c70d8b6d99bd095c0ef03e4a3115a94f5.gitlab.io/
Repositories are mentioned in there.
- https://gitlab.com/castlecraft/frappe_utils (specific to permissions)
- castlecraft / Dev Utils · GitLab (utilities installed on “pre-dev” server where functional consultants and developers collaborate)
- GitHub - castlecraft/cfe: Castlecraft Extensions for Frappe Framework based Resource Servers (accept third party OAuth2 token)
- castlecraft / Master Manager · GitLab (synced masters in mongodb)
- GitHub - castlecraft/custom_containers (ci/cd and develops related)
I found interesting stuff, but it is not readable as the CSS is not working correctly, so the content is not readable; please look into fixing it.
You’re visiting pages that are moved.
Access it from here https://frappe-manual-castlecraft-b249c70d8b6d99bd095c0ef03e4a3115a94f5.gitlab.io
@revant_one, Probably I’ll never be able to learn 3%, but … thanks for sharing your treasure vault.