I just tried the User Permission on a test system.
I only can get the User Permission to apply, if the user has a Role that has access to the specific DocType.
I think that it is VERY dangerous to first need a Role that has access to a DocType and then limit the access by the User Permission. I could forget to limit a new User!!
Is there a way to apply a User Permission without assigning the user a Role that has access to the DocType first?
The permissions system work in reverse of what you would expect.
However, you can create new roles for specific people (like newly hired). Then place the role only in the doc types that you want them to access. When they have completed their training or their transition period, you can set an alert to remind you to change their new employee role to something more permanent.
I have done this before. I created a custom Stock Balance report for the Accounting and Purchasing team to use. Then they wanted the Commercial Sales Manager to have access to the report but not the other Accounting or Purchasing doctypes. So, I created a Role called “Sales Manager Reporting” and enabled the role in the Sales Managers User profile. Then I added the role to just the customized Stock Balance report.
With this, the Sales Manager has access to the report he needs without granting access to any of the Purchasing or Accounting doctypes that are normally associated with the same report.