V11 critical issue in user permission

We are trying to setup a role, such that all users belonging to that role should be able to see only records which are allowed by user permissions.

BUT when no user permissions are assigned, user is able to see ALL Records for given doctype. (Which was not the case in V10) There seems to be no equivalent of “Apply User Permissions” checkbox of Role Permission Manager.

The only way to restrict records is to permit at least one document.

This seems to be critical GAP in user permissions. For more details regarding this issue please visit


any workaround for this?
I’m in almost a similar scenario, I need a certain user to be able to view all timesheets, but can’t find a way to set this, since so much of permissions has changed in v11 and can’t apply user permissions based on role

did you found solution?