Skip to main content

User Permissions in ERPNext

User Permissions provide a way to restrict user access to specific records within ERPNext. While Role-Based Permissions determine which document types a user can access, User Permissions further limit access to selected records based on linked fields such as Company, Customer, Supplier, Territory, Customer Group, and more.

For example, a Sales User may have permission to access Sales Orders, but User Permissions can restrict them to viewing only Sales Orders belonging to a specific company or territory.

To access User Permissions, navigate to:

Home > Users and Permissions > User Permissions

User Permissions are ideal when you need to restrict access to a specific Company, Customer, Supplier, Territory, or any linked business record.

1. Creating User Permissions

Follow these steps to create a User Permission rule:

  1. Open the User Permissions list and click New.
  2. Select the User for whom the restriction should apply.
  3. Select the document type under Allow (for example, Company).
  4. Choose the specific record in the For Value field.
  5. Optionally enable Is Default if this value should automatically populate in future transactions.
  6. Save the document.

Only one default User Permission can be assigned per Document Type for a particular user.

2. Advanced User Permission Controls

ERPNext provides additional controls to define exactly where and how User Permissions are applied.

2.1 Applicable For

By default, User Permissions apply across all related document types.

If you want the permission to apply only to a specific document type:

  • Disable Apply To All Document Types.
  • Select the required document in the Applicable For field.

For example, a Company permission can be applied only to Sales Orders without affecting access to other documents.

When Applicable For is not specified, the permission affects all related document types automatically.

2.2 Hide Descendants

Certain document types support hierarchical relationships through Tree Views.

For example:

  • Parent Company: Unico Plastics Inc.
  • Child Company: Unico Toys

Normally, granting access to the parent automatically grants access to all child records.

Enabling Hide Descendants prevents access from cascading to child records.

This option is available only for tree-structured document types.

2.3 Ignoring User Permissions on Specific Fields

In some cases, you may want a linked field to bypass User Permission restrictions.

This can be configured through:

Customize Form

For the required field, enable:

  • Ignore User Permissions

For example, if Assets should remain visible regardless of Company restrictions, you can enable this option on the Company field within the Asset document.

2.4 Strict Permissions

When User Permissions exist, ERPNext must decide what happens when a user has no matching permission records.

Two approaches are possible:

  • Show all records (nothing is restricted).
  • Show no records (nothing is permitted).

This behavior can be controlled through:

System Settings > Permissions > Apply Strict Permissions

3. Reviewing User Access

Once User Permissions have been configured, administrators can verify their effect using the:

Permitted Documents for User Report

This report allows you to:

  • Select a User.
  • Select a Document Type.
  • View all records accessible to that user.
  • Review Read, Write, Submit, and other permission levels.

This is particularly useful when troubleshooting permission-related issues or validating security configurations.

If a user cannot access a document, always verify both Role-Based Permissions and User Permissions before troubleshooting further.

4. Common Use Cases

Restricting Access by Company

A user can be restricted to viewing and working only with records belonging to a single company.

Examples include:

  • Sales Orders
  • Purchase Orders
  • Invoices
  • Projects

Restricting Access by Territory

Sales representatives can be limited to customers and transactions within their assigned territories.

Restricting Access by Customer

Support agents or account managers can be granted access only to customers they manage.

Restricting Access by Supplier

Procurement teams can be restricted to supplier records relevant to their department or location.

BEST PRACTICE

Use Role-Based Permissions to control access to document types and User Permissions to control access to specific records. Combining both creates a secure and scalable permission model.

Related Topics

  • Adding Users
  • Role and Role Profile
  • Role Based Permissions
  • Role Permission for Page and Report
  • System Settings

SUMMARY

User Permissions in ERPNext provide record-level access control by restricting users to specific Companies, Customers, Territories, Suppliers, and other linked records. Combined with Role-Based Permissions, they help organizations create secure, department-specific access rules while maintaining visibility only where required.

Rating: 0 / 5 (0 votes)

© 2026 | goERPNext | All rights reserved