Basically, what I’m trying to do is restrict users to see only the transactions related to the company they are linked to. I’m able to achieve most of it, but I’m stuck with one issue.
Say that I have two companies, A and B, and two users, testuser1 and testuser2. I’ve added user permissions for both users, i.e. testuser1 has permission only to company A and testuser2 has permission to company B, as shown in the image below:
I assume it’ll behave the same way all over the system. So, coming to the question here: Is this the normal behaviour? Is there something I am doing wrong? If I’m wrong, is there another way to restrict a user based on the permission I set for him?
I think some validation when you access from the URL is missing. But while that’s something that needs to be fixed, ignore that for the moment and try and see if one of the users can make a transaction (like Quotation, Sales Order, Stock Entry, Purchase Receipt, etc.) for a company they are not authorized to access.
Yes.
When entering or inquiring transactions, the restricted company will not show. The URL will only allow navigating to the company screen. Though you can update the Company Data and save.
@Paul_Clinton I wonder if you have run into the same issue I have solved for myself.
TLDR - I found that ERPNext / Frappe role restrictions are not “completely exclusive.” Meaning, if you restrict a role based on a field for which some docs are NULL/empty, then those will not be filtered out but instead included with the docs which are filtered in. Said another way, docs with NULL/empty for the filtered field will be included instead of excluded.
Here is the situation I had…
I created a doctype
I added docs to that doctype
I added the field for which I would filter / restrict access (thus the previously created docs had NULL/empty for this new field)
I added the role permissions
I noticed all previous records which were created prior to my new field were included in my filter / restriction instead of excluded
I went back to those previously created docs and entered the appropriate values for the new field from which I would filter / restrict access
I noticed that those docs were appropriately filtered / restricted as I intended
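The filter behaviour described in the post above can be modelled with a small, self-contained script. This is an added example, not code from the thread or from Frappe itself. The `quotation` table, its rows and the `strict` switch are constructed for illustration; the audit query shows how to list the docs that need backfilling.

```python
import sqlite3

# Constructed sample data: a hypothetical "quotation" table with a "company" field.
ROWS = [
    ("QTN-001", "A"),
    ("QTN-002", "B"),
    ("QTN-003", None),  # created before the field existed
    ("QTN-004", ""),    # field present but left empty
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE quotation (name TEXT PRIMARY KEY, company TEXT)")
    db.executemany("INSERT INTO quotation VALUES (?, ?)", ROWS)
    return db

def visible_docs(db, allowed, strict):
    """Names a user restricted to the `allowed` companies can list."""
    marks = ",".join("?" * len(allowed))
    cond = f"company IN ({marks})"
    if not strict:
        # Behaviour described in the post: blank values pass the filter.
        cond = f"(ifnull(company, '') = '' OR {cond})"
    sql = f"SELECT name FROM quotation WHERE {cond} ORDER BY name"
    return [row[0] for row in db.execute(sql, list(allowed))]

def unscoped_docs(db):
    """Audit: docs visible to every restricted user because the field is blank."""
    sql = "SELECT name FROM quotation WHERE ifnull(company, '') = '' ORDER BY name"
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print("testuser1, blank included:", visible_docs(db, ["A"], strict=False))
    print("testuser1, blank excluded:", visible_docs(db, ["A"], strict=True))
    print("blank company, backfill these:", unscoped_docs(db))
```

Running the audit query before enabling a restriction on a newly added field shows which existing docs would otherwise be visible to every restricted user.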