User Permission failing to apply

Hi All,

First, a brief explanation of what I’m trying to do. In my company, we have departments, with heads of departments, and heads of departments answer to management. I am trying to set up leave application permissions with this structure.

With this in mind, I set up departments in ERPNext, with default leave approvers. These leave approvers have been given permissions on their respective departments. This all works as expected, with them being able to see all applications from their department, with everyone else being able to see only their own applications.

Where things get messy is with the aforementioned management users. I can’t give them permissions on the departments, as they’ll see all applications. When I added permissions for each of the department heads’ employee entries manually, I expected this to solve the problem. Unfortunately, they can still see all leave applications.

TL;DR: Why does “Employee” user permission not apply to Leave Application?

EDIT: Just realized I should definitely mention version numbers:

ERPNext: v12.6.0 (version-12)

Frappe Framework: v12.4.1 (version-12)


Found a workaround that works just fine. Apparently if you set permissions on the user, that also looks at the leave approver. The user permission entry for a member of management looks something like this:

User: john.smith
Allow: User
For Value: john.smith
Applicable For: Leave Application

That setup works perfectly well for my use case.