User Permission

ERPNext
1

Hi,

I set a user as Material Master Manager with read, write, create. Also I checked Apply User Permission and add restriction to this user to warehouse ‘A’ only.

But the user is still able to view other warehouses i.e. stock ledger of other warehouses. Anybody know what’s missing here?

Thanks

1 Like
2

Hello,

Permission restriction setting should be done for each document type separately. It means to have Stock Ledger Entries also restricted based on Warehouse, you should do same setting as done for item in the Role Permission manager for Stock Ledger Entry.

1 Like
3

If so, why in the manual it’s said that if we restrict a user to a specific master record then it affects to all transactions where the record is linked???

Secondly, I think I found another issue:

I just set material user and set restriction to doctype:warehouse ‘A’. When that user login, she/he still able to view other warehouses master but evenmore can add/edit warehouse.

In the role permission manager, material user is having read permission only. What happened? I’m using v5…

4

Provided Apply User Permission is checked for a document type, and based on that link field is set.

In your case, one you have defined the match for a user and warehouse, you only need to go about checking Apply User Permission - based on Warehouse for other Document Types.

Have you check Apply User Permission for the Warehouse doctype for Material User? If not, then restriction will not be applied just based on User Permission Setting.

5

Yes Apply User Permission is checked for Warehouse doctype for Material User. What’s wrong?

I checked Permitted Documents for that user and Warehouse Doctype and all warehouses still appear for that user…

6

I’m stuck with this…here’s what I did

  1. Set User X as ‘Material User’ only
  2. Apply User Permission is checked for role:Material User for doctype:Warehouse with ‘Read’ permission only
  3. Add restriction on User Permission for doctype:Warehouse with value Warehouse ‘A’ for User X

But when User X login, he/she is able to view all warehouses and also can edit and even create new warehouse. Any can help with some hints?

permission.png1127×416 39.9 KB

Thanks

7

I just removed User Permission setting for that user. But the user is still able to view all warehouses. Why?

My use case is:

  1. Material Users are set to a warehouse
  2. They can only make stock transactions for that warehouse only.
  3. They can only view stock related reports for that warehouse only.

Is this possible?

Tks

8

Is it possibly a bug? Apply User Permission doesn’t work… The user still can make stock transactions for all warehouses. I have checked Apply User Permission for each doctype and assigned restricted record for the user to a specific warehouse…

I don’t have any ideas what I missed here…

I’m using v5…please help. Thanks

9

I’m using v5.0.11 now and user permission setting doesn’t work as expected.

Steps to replicate the issue:

  1. Set User A as Material User
  2. Select a doctype in Role Permission Manager i.e. Purchase Receipt
  3. Check Apply User Permission
  4. Add User Permission record for User A for Doctype:Warehouse and set the value > Warehouse B
  5. Login as User A and go to Stock > Purchase Receipt
  6. It shows all Purchase Receipt records. >> It should only list down Purchase Receipts for Warehouse B which is permitted for User A.
  7. Click any of those lists then it will deny if the warehouse is not permitted. User Permission applies correctly here, but in my opinion just hide the records where the user is not permitted
  8. Click on the report of Purchase Receipt List
    9. Same behavior I got. It listed down all records including the warehouses where User A is not permitted, even-though it denied access if you click one of those lists to see the details…

This also happens for other doctypes or reports where Apply User Permission is checked.

Another example:
On Stock Ledger Report, User Permission does work where it only shows records of Warehouse B. But not for Stock Balance Report…

10

Anybody can help? Tks

11

@Jonathan_Fanny_Lie Can you share the full permissions of the WAREHOUSE and ALSO the ROLES that you have assigned to the USER.

Now I believe you only want your users to see a PARTICULAR Warehouse. If so then Why are you giving them the permission to create a WH?

Second I also believe you want the user to view stock ledgers of that warehouse?

Now when I checked for your problem I guess I found the issue…basically you are giving your USER 2 ROLES Namely:

  1. Material Master Manager (which is restricted in viewing of WH)
  2. Material User (which is UNRESTRICTED in viewing of WH)

Now due to this the users are able to see all the WH. Can you check if that is the case.

What I think you should do in your case is to give such users only ONE ROLE and add that role if its not there in the role permission of that document this would keep things simple as assigning multiple roles is kind of confusing.