Why HR Manager can only see his own Employee record?

ERPNext
, ,
1

There are many helpful suggestions about our issue in this thread …

As an hr manager i cannot see all employees

… but they do not help with the problem we face.

The employee record of our staffer, (recently made HR Manager), was created with “Create User Permission” checked.

Unchecking that field makes no difference, he can still only see his own record.

We created a new User “Yourself Yourorg” with only Employee and Customer roles.
We created a new Employee “You Yourself” with “Create User Permissionunchecked, per this image…

image
image727×448 19.7 KB

As Administrator I can view the Permitted Documents For User of the new user “Yourself Yourorg” and see it has permissions to view the full list of employees, as shown:

image
image412×718 36.2 KB

We deleted that Employee, the Route History of that User and then the actual User account.

We then recreated the User, and the Employee record but this time with “Create User Permission” left checked.

In that case the User had permission only over his own Employee record.

We than set “Create User Permission” to unchecked.

That had no effect of the Permitted Documents For User list. He could still only see his own Employee record.

Questions:

  1. What do we need to do to the HR Manager’s account to give him access to all Employee records?
  2. Which MariaDb table(s) is that report reading from?
admin@erpls:~/frappe-bench-ERPLS$ lsb_release -a
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.4 LTS
Release:	22.04
Codename:	jammy
admin@erpls:~/frappe-bench-ERPLS$ bench version
erpnext 13.39.2
frappe 13.41.3
2

Ok!

I figured it out.

If an Employee, who can only see their own Employee record, is upgraded to HR User or HR Manager they will still only be able to see their own Employee record.

The solution is to:

  1. delete their system User ID from their Employee record
  2. save their Employee record
  3. add their User ID back
  4. uncheckCreate User Permission
  5. save again.

That sequence forces the system to re-evaluate roles and permissions for the User and for the Employee

3

Hi @MartinHBramwell

That’s one way to do it but the more direct way is:

  1. Go to the ‘User Permission’ list for that user (By default, the system creates 2 records: Employee and Company)
  2. Delete the User Permission for Employee

This removes ALL Employee restrictions from that user but leaves the restrictions for Company which is very important if you have a multi-company setup

Permissions in Frappe still need a bit of work for intuitiveness but it’s important to keep in mind that it’s a balance between the ‘Role Permission Manager’ and the ‘User Permission’ list

Cheers

2 Likes
4

Great tips!

Thanks for providing wider options!