User Permissions: Restricting Access to Specific Documents

Overview

Role-Based Permissions manage access to document types, while User Permissions limit access to specific records like assigned customers or territories. This guide shows how to set up User Permissions for tighter data control.





1. When to Use User Permissions

Use User Permissions when you need:

  • Territory-based access (e.g., a salesperson sees only "East Region" customers).

  • Multi-company restrictions (e.g., an accountant accesses only "Company A" invoices).

  • Departmental isolation (e.g., HR views only their location’s employee records).


Example: A Sales User with the "North Zone" permission cannot see South Zone orders, even if their role allows general access to Sales Orders.




2. Step-by-Step Configuration

Step 1: Access User Permissions

Go to: Home > Users and Permissions > User Permissions



Step 2: Create a New User Permission

  1. Click "New."

  2. Fill in:

    • User: Select the employee (e.g., "John Doe").

    • Allow: Choose the document type (e.g., "Territory," "Company").

    • For Value: Pick the specific record (e.g., "North Region").

    • Is Default: Enable to auto-set this value in future transactions.



Step 3: Advanced Controls (Optional)

  • Applicable For: Restrict the rule to certain DocTypes (e.g., only Sales Orders).

  • Hide Descendants: Block access to child records (e.g., hide "North Sub-Region" if "North Region" is selected).




3. Key Scenarios & Examples

Scenario 1: Territory-Based Sales Access

Goal: Restrict a Sales User to "West Region" customers.


  1. Create User Permission:

    • User: "Sales User"

    • Allow: "Territory"

    • For Value: "West Region"

  2. Result: The user sees only customers/orders linked to West Region.


Scenario 2: Multi-Company Accounting

Goal: Limit an accountant to "Company A" invoices.


  1. Create User Permission:

    • User: "Accountant"

    • Allow: "Company"

    • For Value: "Company A"

  2. Result: The accountant cannot view invoices from Company B.


Scenario 3: HR Department Isolation

Goal: Ensure HR staff see only their location’s employee records.


  1. Link "Branch" field to Employee DocType (via Customize Form).

  2. Create User Permission:

    • User: "HR Manager"

    • Allow: "Branch"

    • For Value: "HQ Office"




4. Combining User Permissions with Roles

For airtight security:


  1. Role Permissions Manager: Grant general access (e.g., "Sales User" can read Sales Orders).

  2. User Permissions: Narrow it down (e.g., only "North Region" orders).


Note: If no User Permission exists, access depends on System Settings:


  • Strict Permissions Enabled: User sees nothing.

  • Strict Permissions Disabled: User sees everything (default).




5. Troubleshooting

Here’s a quick look at some common issues you might run into.


  • The user still sees all the records? Check:

    • User Permissions are correctly linked to the document’s field (e.g., "Territory" must exist in Sales Order).

    • "Apply Strict Permissions" is enabled (Home > Settings > System Settings).

  • Permission conflicts? Verify hierarchy (e.g., User Permissions override Role Permissions).




6. Best Practices

Here’s a quick look at some of the best practices for User Permissions.


  1. Audit Regularly: Use the "Permitted Documents for User" report to verify access.

  2. Use "Is Default": Streamline data entry for users (e.g., auto-set their company).

  3. Document Dependencies: Ensure restricted fields (e.g., Territory) exist in target DocTypes.
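
An offline audit sketch for the checks above, added here as an illustration and not the product's own code or API. It flags User Permission rules whose "Allow" document type has no link field in the target DocType, and users who have role access but no User Permission while strict permissions are disabled. All records, user names and the dictionary layout are constructed assumptions modeled on the form labels used in this article.

```python
# Added illustration: a simplified offline model, not the product's API.
# All records below are constructed sample data.

# DocType -> {field name: linked DocType} (constructed schema extract)
LINK_FIELDS = {
    "Sales Order": {"customer": "Customer", "territory": "Territory"},
    "Sales Invoice": {"customer": "Customer", "company": "Company"},
    "Employee": {"company": "Company"},  # "Branch" link field not added yet
}

# Role Permissions: user -> DocTypes the user's roles can read (constructed)
ROLE_READ = {
    "john@example.com": {"Sales Order"},
    "acct@example.com": {"Sales Invoice"},
    "hr@example.com": {"Employee"},
    "temp@example.com": {"Sales Order"},
}

# User Permission rows, keyed by the form labels on this page (constructed)
USER_PERMISSIONS = [
    {"user": "john@example.com", "allow": "Territory", "for_value": "North Region", "applicable_for": "Sales Order"},
    {"user": "acct@example.com", "allow": "Company", "for_value": "Company A", "applicable_for": None},
    {"user": "hr@example.com", "allow": "Branch", "for_value": "HQ Office", "applicable_for": "Employee"},
]

def audit(link_fields, role_read, user_permissions, strict_enabled):
    """Return (user, doctype, reason) findings for rules that cannot restrict."""
    findings = []
    restricted_users = set()
    for up in user_permissions:
        restricted_users.add(up["user"])
        # Without "Applicable For", check every DocType the user's roles can read.
        targets = [up["applicable_for"]] if up["applicable_for"] else sorted(role_read.get(up["user"], ()))
        for doctype in targets:
            # The rule only filters if the DocType links to the allowed type.
            if up["allow"] not in link_fields.get(doctype, {}).values():
                findings.append((up["user"], doctype, f"no link field to {up['allow']}; rule cannot filter"))
    # Users with role access but no User Permission at all.
    for user in sorted(set(role_read) - restricted_users):
        if not strict_enabled:
            findings.append((user, "*", "no User Permission and strict permissions disabled"))
    return findings

if __name__ == "__main__":
    for finding in audit(LINK_FIELDS, ROLE_READ, USER_PERMISSIONS, strict_enabled=False):
        print(finding)
```
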



