User Permission

By ERPNext Administrator on October 15, 2024
Expert

User permissions is a way of restricting user access to particular documents.


Role based permissions allow setting complete (by default) access to a document type (doctype) like Sales Invoice, Orders, Quotation, etc. This means that when you assign a Sales User role to a user, they can access all the Sales Orders and Quotations.


User Permissions can be used to restrict access to select documents based on the link fields in the document. For example, consider that you do business with multiple territories and you want to restrict access of certain Sales Users to Quotations/Sales Order belonging to a particular territory. This can be done via User Permissions. The restrictions can be set on Customer, Supplier, Customer Group, Supplier Group, etc.


Setting User Permissions are particularly useful when you want to restrict based on:

  1. Allowing user to access data belonging to one Company
  2. Allowing user to access data related to a specific Customer or Territory
To access User Permissions, go to: > Home > Users > User Permissions



How to create User Permissions

  1. Go to the User Permissions list, click on .
  2. Select the user for which the rule has to be applied.
  3. Select the type of document to be allowed (for example "Company").
  4. Under For Value, select the specific item that you want to allow (the name of the "Company).
  5. If you check 'Is Default', the value selected in 'For Value' will be used by default for any future transactions by this user. That is if company 'TECHNO BRAVE ASIA LTD..' is selected as 'For Value', this Company will be set as default for all future transactions by this user.


User Permissions of Employees

The default user permissions for employees are 'Company' and 'Employee.'

This allows employees to view only their own data, such as timesheets, leave applications, and expense claims. Employees should not be able to see each other’s data.

However, the heads of each employee are able to see their subordinates' data, as set in the 'Report to' field in the employee form.





User Permissions of HR-Admin

HR admins are able to see employee data in the company, such as leave applications. To allow them to view other employees' data, set them as employees and use the 'Applicable For' field to select a document that does not concern them, such as the activity log.



User Permissions of Partner

The role 'Partner' has been created to manage projects collaboratively, such as through a Kanban board. However, they should not be able to see private internal data.

The image below shows an example of user permissions for the partner role. After logging into the ERPNext desk:

  1. They will be able to manage their own account only.
  2. They will be allowed to see the data for project PROJ-0010 only.
  3. They will be allowed to view the Kanban board for project PROJ-0010 only.
  4. Since the Kanban board is fed from tasks, if you set the task type to 'Issue' for them, only tasks with the type 'Issue' will be shown on their Kanban board. They will not be able to see other tasks. You can set the task type depending on the partner, such as 'External' or others.


This setting ensures that partners or clients cannot access internal data.



View Permitted Documents: Will take you to the 'Permitted Documents For User' report for this user. Here you can see which documents does Bruce have access to. For example, on selected Sales Order, the list of Sales Orders Bruce has access to will be displayed.



You also need to set the permissions for the document and the document fields.




More articles on User Guide for System Admin

More articles on User Guide for System Admin
Comments

No comments yet. Start a new discussion.

Add Comment