Users and Permissions
User permissions are a way of restricting user access to particular documents.
Role-based permissions allow setting complete (by default) access to a document type (doctype) like Sales Invoice, Orders, Quotation, Etc. This means that when you assign a Sales User role to a user, they can access all the Sales Orders and Quotations.
User Permissions can be used to restrict access to selected documents based on the link fields. For example, consider that you do business with multiple territories, and you want to restrict access of certain Sales Users to Quotations/Sales Order belonging to a particular territory. This can be done via User Permissions. The restrictions can be set on Customer, Supplier, Customer Group, Supplier Group, Etc.
Setting User Permissions are particularly useful when you want to restrict based on:
Allowing the user to access data belonging to one Company
Allowing the user to access data related to a specific Customer or Territory
To access User Permissions, go to:
Home > User and Permissions > User Permissions
1. How to create User Permissions
Go to the User Permissions list, click on New.
Select the user for which the rule has to be applied.
Select the type of document to be allowed (for example, "Company").
Under For Value, select the specific item you want to allow (the name of the "Company).
If you check 'Is Default', the value selected in 'For Value' will be used as a default for any future transactions by this user. If company DAV High School is selected as 'For Value', this Company will default for all future transactions by this user.
Note: Only single user permission can be set as default for a particular document type for a specific user.
2. More User Permission actions
2.1 Advanced control
In Advanced Control, you can have better command over where the User Permission is applied.
2.1.1 Applicable For
You can optionally apply for user permissions only for specific document types by setting the Document Type after unticking the Apply To All Document Types checkbox. Setting Applicable For option will make the current user permission applicable only under the selected Document Type master.
In the above User Permission, the user will access only Sales Orders of the selected Company.
Note: If Applicable For is not set, User Permission will apply across all related Document Types.
2.1.2 Hide Descendants
The value of Allow could be a Doctype with a Tree View, which will have records with a parent-child or ancestor-descendant relationship.
Let's assume For value, 'DAV High School.', has a child company 'BEML'. When a User Permission is created for 'DAV High School', permissions for its descendants are granted as well.
Hide Descendants is visible only on selecting a Tree View Doctype. By enabling this checkbox, permissions for descendants of For value will not be granted.
A user who can view records of 'DAV High School' will not view those of 'BEML'.
2.2 Ignoring User Permissions on Certain Fields
Another way of allowing documents to be seen by everyone that User Permissions have restricted is to tick "Ignore User Permissions" on a particular field by going to Customize Form .
For example, you don't want Assets to be restricted for any user, then select Asset in form type. Under the fields table, expand the Company field and tick on "Ignore User Permissions".
2.3 Strict Permissions
This restricts user access to documents in a stricter way.
To know more, go to the System Settings page.
2.4 Checking How User Permissions are Applied
Finally, once you have created your air-tight permission model, and you want to check how it applies to various users. You can see it via the Permitted Documents for User report. Using this report, you can select the User and document type and view which documents a particular user can access.
Ticking on the Show Permissions checkbox will show the read/write/submit and other access levels.
Note: If you cannot access Sales Order or any other document type in this list, make sure you've set the roles correctly.
Updated on: 21/06/2023