Role Permission for Page and Report
Roles Permission for Page and Report permits pages and reports on ERPNext to be accessed. By doing this, none but the authorized persons with the appropriate roles would be able to view or interact with any specific pages or reports thus providing increased control of seeing what, and accessing information within the system.
Document Types vs Pages
- Document Types are the type of modules e.g Sales Order, Customer, Supplier and so on. There may be multiple documents of the same type under a Document Type. As an example, you may have numerous different Sales Orders within the Sales Order DocType.
- A Page, however, is an individual configuration or screen interface. For instance, Selling Settings is one page. Unlike document types, you cannot have multiple instances of the same Page.
Custom Pages and Reports
ERPNext is integrated to design custom interface and reports:
- Certain workflows or dashboards can be assigned a roboticized custom Page.
- A custom Report could be created through Report Builder or Query Report with the ability to tailor the view of the data.
These components are user defined thus must be configured to only be available to those roles that require them. This prevents unsanctioned access of sensitive configurations or information.
Role-Based Permission System
ERPNext uses a role-based permission system:
- Roles can be allocated to users to specify what they can view.
- The identical roles can be associated with Pages and Reports such that users with identical roles can open them.
- Example: A Sales User role can be given access to Sales-related pages and reports, whereas an Accounts Manager can be given financial reports access only.
Developer Mode and Direct Role Assignment
When developer mode is on:
- Roles can be directly added in the Page or Report record itself.
- These assignments of roles are saved automatically to the corresponding JSON file for the page/report, so permissions are kept intact and version-controlled.
- Developers handling custom applications where permissions need to be rolled out consistently to various environments can use this approach.
Restricting Access
To restrict access to specific pages or reports in ERPNext:
- Go to the Role Permission for Page and Report tool.
- Define roles to set who can view a given Page or Report.
- Only the assigned users with those roles will be able to view and utilize the restricted item.
Access Path
To control permissions:
1. How to use Role Permission for Page and Report Tool
If developer mode is turned off, system administrators can set roles on pages and reports directly via the Role Permission for Page and Report page. The tool becomes the only point of control of access to specific pages and reports without the need to modify the basic code.
Based on this, administrators can:
- Select a Page or Report.
- Assign one or more roles, which are to be granted access.
- Discover to save change to implement new changes on access control.
This approach is handy in production environments where developer mode isn't allowed and in-line JSON file edits are prohibited.
1.1 Reset to Defaults
In the Reset to Defaults setting, administrators will have the ability to clear all custom roles-based permissions applied manually on a Page or Report. Having done this step:
- All permissions that are overridden are dropped.
- The system resets the default role permissions set on that Page or Report.
- This can be especially helpful when keeping permissions too restricted, too far-reaching or when trying to track down access related problems.
Note: After resetting, if access needs to be customized again, roles must be reassigned manually.
Setting Role Permissions from the Page/Report as a Developer
When developer mode is on, developers can directly access assigning roles from the record itself within the Page or Report. This gives more control and also guarantees that permissions are saved in version-controlled JSON files, which are portable and consistent across environments.
Role Permissions for Page
- Go to: Home > Developer > Page.
- Click on the specific Page record on which permissions must be defined.
- In the Roles table, create a new row and choose which roles can access the Page.
- Save the Page record to implement the new permissions.
This means that only the chosen roles will be able to see and interact with that particular Page in the ERPNext system.
Role Permissions for Report
- Go to: Home > Developer > Report.
- Open the particular Report record.
- Add rows in the Roles table with the roles who must have access to this Report.
- Save the record to implement the changes.
Defining roles at the report level allows the developer to ensure that very sensitive reports (e.g., financial reports or payroll reports) become accessible only to permitted roles, e.g., Accounts Manager or HR Manager.