Unable to configure permissions correctly for different levels

knahsahs · September 15, 2021, 8:53am

I am trying to provide write access to two different roles on mutually exclusive group of fields. For example, I have created a DocType TestUser containing First Name, Last Name, Email, Mobile fields. There are two roles, say Manager and CEO. First Name and Last Name are assigned level 0 and Email and Mobile are assigned level 1. In Role Permission Manager below is the permission given

LEVEL 0 FIELDS - First Name, Last Name
LEVEL 1 FIELDS - Email, Mobile

LEVEL 0 - MANAGER ROLE - READ & WRITE AND CREATE
LEVEL 1 - MANAGER ROLE - READ
LEVEL 0 - CEO ROLE - READ
LEVEL 1 - CEO ROLE - READ & WRITE

Manager is able to create, update and save different records as per permissions, but for CEO level 1 fields are editable and level 0 fields are read-only as expected, but I am unable to save the details entered by CEO. Is this expected? Is there any way to achieve this use case? I am using ERPNext: v13.10.2.

Thanks

kennethsequeira · September 15, 2021, 10:41am

I’m guessing it’s because of this?

Generally we define all base permissions (Read, Write, Delete, Email) on level 0. Try testing it by giving CEO Read and Write on some level 0 fields and check.

knahsahs · September 15, 2021, 11:21am

Thanks @kennethsequeira, but for my usecase I don’t want CEO to be able to edit fields with permission level 0. Simply put the idea is to be able to configure field level read and write access for different roles. Is there a way to achieve this?

Axt_slc · October 3, 2023, 6:28am

One solution is you keep no fields on level 0 but give all base permissions for that level, and use level 1 and level 2 to have different rights for fields used by manager and ceo.Let me know how you solved the problem!!