Aakvatech Limited - Users, Roles, and Permissions management in ERPNext

A comprehensive guide to reviewing users, roles, and permissions in ERPNext, covering Role Profiles, workspaces, segregation of duties, UI controls, and audit practices for secure systems.


A Practical Framework for Reviewing Users, Roles, and Permissions in ERPNext

Managing users, roles, and permissions in ERPNext is not just a technical exercise—it’s a governance function that directly impacts data security, operational efficiency, and audit readiness. Many implementations start with good intentions but gradually drift into complexity due to ad-hoc role assignments, unused users, and unclear access boundaries.

This guide presents a comprehensive, field-tested framework for reviewing users, permissions, and roles in ERPNext—combining security best practices with usability considerations.


1. Start with User Necessity: Control the Entry Point

The first principle is simple: only active, necessary users should exist in the system.

Key Actions:

  • Review all users and ask:

    • Does this user still need access?
  • If not:

    • Disable the user
    • Do not delete unless there are no transactions linked

Extend This Further:

  • Identify:

    • Dormant users (inactive for 30–90 days)
    • Ex-employees or transferred staff
  • Immediately disable access in such cases

2. Use Role Profiles (Not Direct Role Assignment)

In ERPNext, Role Profiles (role bundles) are the foundation of scalable access control.

Best Practices:

  • Assign roles only via Role Profiles
  • Avoid manual role assignment to users
  • Design Role Profiles based on job functions, not individuals

Example:

  • BDCEL Accounts Executive
  • BDCEL Sales Manager
  • BDCEL Warehouse Operator

Governance Tip:

Flag users who:

  • Have roles outside their assigned Role Profile
  • Accumulate “temporary” roles over time
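
The checks from sections 1 and 2 (dormant accounts, roles outside the assigned Role Profile, direct role assignment) can be run over a user export. The sketch below is an added example, not code from the article or from ERPNext; the record layout, role names and e-mail addresses are constructed for illustration, and the 90-day threshold is the upper bound of the 30–90 day range above.

```python
from datetime import date

# Constructed sample data: Role Profile -> roles it bundles (role names are hypothetical).
ROLE_PROFILES = {
    "BDCEL Accounts Executive": {"BDCEL Accounts Entry", "BDCEL Accounts Reports"},
    "BDCEL Warehouse Operator": {"BDCEL Stock Entry"},
}

# Constructed user export; the dict keys are assumptions of this example.
USERS = [
    {"email": "asha@example.com", "enabled": True,
     "last_active": date(2024, 5, 28), "role_profile": "BDCEL Accounts Executive",
     "roles": {"BDCEL Accounts Entry", "BDCEL Accounts Reports"}},
    {"email": "juma@example.com", "enabled": True,
     "last_active": date(2024, 5, 30), "role_profile": "BDCEL Warehouse Operator",
     "roles": {"BDCEL Stock Entry", "BDCEL Accounts Entry"}},
    {"email": "neema@example.com", "enabled": True,
     "last_active": date(2024, 1, 10), "role_profile": None,
     "roles": {"BDCEL Stock Entry"}},
    {"email": "old@example.com", "enabled": False,
     "last_active": date(2023, 3, 1), "role_profile": None, "roles": set()},
]

def review_users(users, profiles, today, dormant_days=90):
    """Return {email: [finding, ...]} for enabled users that need attention."""
    findings = {}
    for u in users:
        if not u["enabled"]:
            continue  # already disabled, nothing to review
        issues = []
        last = u["last_active"]
        if last is None or (today - last).days > dormant_days:
            issues.append("dormant")
        profile = u["role_profile"]
        if profile is None:
            if u["roles"]:
                issues.append("direct roles, no Role Profile")
        else:
            # Roles the user holds that the profile does not bundle.
            extra = u["roles"] - profiles.get(profile, set())
            if extra:
                issues.append("outside profile: " + ", ".join(sorted(extra)))
        if issues:
            findings[u["email"]] = issues
    return findings

if __name__ == "__main__":
    for email, issues in review_users(USERS, ROLE_PROFILES, date(2024, 6, 1)).items():
        print(email, "->", "; ".join(issues))
```
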

3. Design Roles with Precision and Consistency

A poorly designed role structure leads to confusion and risk.

Principles:

  • Use custom roles only (avoid generic roles where possible)
  • Follow a strict naming convention:

    • [Company] [Module] [Function]
  • Ensure each role has a single responsibility

Avoid:

  • “Catch-all” roles (e.g., All Access)
  • Excessive role stacking per user

4. Configure Permissions with Full Clarity

Use Role Permissions Manager to explicitly define access.

Objective:

You should be able to answer:

Exactly what can this role do?

Control:

  • Read / Write / Create / Submit / Cancel permissions
  • Avoid over-permissioning “just in case”

5. Apply User Permissions for Data-Level Control

Roles define what users can do. User Permissions define where they can do it.

Examples:

  • Restrict by:

    • Company
    • Warehouse
    • Customer / Supplier
    • Specific documents

Use Cases:

  • Multi-company environments
  • Regional sales teams
  • Warehouse-specific operations

6. Enforce Segregation of Duties (SoD)

This is critical for financial and operational integrity.

Avoid giving a single user control over:

  • Creation + Approval
  • Entry + Reconciliation

Examples of Conflicts:

  • Supplier creation and payment approval
  • Sales invoice creation and credit note approval
  • Stock entry and stock reconciliation approval
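
SoD conflicts usually arise from role stacking, so the review has to look at each user's combined permissions rather than at role names. The following added example (not from the article or ERPNext itself) evaluates two of the conflicts listed above against a constructed role-permission matrix; the role names, users and the mapping of "approval" to the submit permission are assumptions.

```python
# Constructed role-permission matrix: role -> {(doctype, permission)}.
ROLE_PERMS = {
    "BDCEL Buying Master Data": {("Supplier", "create"), ("Supplier", "write")},
    "BDCEL Accounts Payment Approver": {("Payment Entry", "submit")},
    "BDCEL Stock Entry": {("Stock Entry", "create")},
    "BDCEL Stock Approver": {("Stock Reconciliation", "submit")},
}

# Conflicts from the list above, expressed as capability pairs.
# Treating "approval" as the submit permission is an assumption of this example.
SOD_RULES = [
    ("Supplier creation + payment approval",
     ("Supplier", "create"), ("Payment Entry", "submit")),
    ("Stock entry + stock reconciliation approval",
     ("Stock Entry", "create"), ("Stock Reconciliation", "submit")),
]

# Constructed user -> roles assignment (hypothetical users).
USER_ROLES = {
    "asha@example.com": {"BDCEL Buying Master Data"},
    "juma@example.com": {"BDCEL Buying Master Data",
                         "BDCEL Accounts Payment Approver"},
    "neema@example.com": {"BDCEL Stock Entry", "BDCEL Stock Approver"},
}

def granting_roles(roles, role_perms, capability):
    """Roles held by the user that grant the given (doctype, permission)."""
    return sorted(r for r in roles if capability in role_perms.get(r, set()))

def sod_violations(user_roles, role_perms, rules):
    """Return (user, rule, roles granting side A, roles granting side B)."""
    violations = []
    for user, roles in sorted(user_roles.items()):
        for name, side_a, side_b in rules:
            via_a = granting_roles(roles, role_perms, side_a)
            via_b = granting_roles(roles, role_perms, side_b)
            # A conflict exists when the user's combined roles cover both
            # sides, whether through two roles or a single over-broad one.
            if via_a and via_b:
                violations.append((user, name, via_a, via_b))
    return violations

if __name__ == "__main__":
    for user, rule, via_a, via_b in sod_violations(USER_ROLES, ROLE_PERMS, SOD_RULES):
        print(f"{user}: {rule} (via {via_a} and {via_b})")
```

Listing the granting roles on each side shows which assignment to remove to resolve the conflict.
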

7. Separate Workflow Roles from Access Roles

Not all roles are about data access.

Create Special Roles for:

  • Approvals
  • Notifications
  • Workflow steps

Important:

  • Do not mix workflow roles with operational roles
  • Keep approval authority tightly controlled

8. Review Per-User UI Settings (Often Overlooked)

User experience directly impacts system misuse and inefficiency.

a. Navigation Settings

  • Control:

    • Search bar exposure
    • Notifications relevance

b. List Settings

  • Review:

    • Sidebar visibility
    • Bulk actions (high risk)
    • View switcher

Critical:

Restrict bulk actions like:

  • Delete
  • Submit
  • Cancel

c. Form Settings

  • Sidebar:

    • Limit linked document exposure
  • Timeline:

    • May expose comments, communications, audit logs
  • Dashboard:

    • Ensure only relevant metrics are visible

d. Default Workspace

  • Every user should land on a role-specific workspace
  • Avoid generic/global landing pages

9. Use Workspaces as a Control Layer

Workspaces are not just for convenience—they reinforce access discipline.

Design Principles:

  • Create role-based workspaces
  • Show only:

    • Relevant doctypes
    • Relevant reports
    • Relevant actions

Benefits:

  • Reduces confusion
  • Improves productivity
  • Minimizes accidental access

Anti-Pattern:

  • One workspace for all users
  • Over-reliance on global search

10. Control Search and Discoverability

Global search can expose unintended data paths.

Validate:

  • What users can find via:

    • Search bar
    • Linked documents
    • Recent activity

Ensure:

  • Permissions are tight at the doctype level
  • Reports don’t expose restricted data

11. Secure Reports, Pages, and Data Access

Reports and system pages are common points of unintended data exposure and must be explicitly controlled.

Review Access To:

  • Query Reports
  • Script Reports
  • Custom Reports
  • System Pages (custom or standard)

Use Page and Report Permissions Doctype:

ERPNext provides a dedicated mechanism to control access:

  • Use Page and Report Permissions doctype
  • Grant access based on roles, not individual users
  • Ensure only relevant roles can:

    • View reports
    • Access pages
    • Interact with sensitive dashboards

Key Controls:

  • Restrict:

    • Export permissions (Excel/CSV downloads)
    • Access to financial or sensitive reports
  • Validate:

    • Reports do not expose restricted fields or cross-company data
    • Pages do not bypass standard doctype permissions

Best Practice:

  • Align report/page access with Role Profiles
  • Avoid giving broad report access via generic roles

12. Watch Custom Scripts and Automations

Customizations can unintentionally bypass controls.

Check:

  • Client scripts exposing hidden fields
  • Auto-fetch pulling sensitive data
  • Workflow automations skipping approvals

13. Manage System and Integration Users

These are often ignored—and high risk.

Identify:

  • API users
  • Integration accounts
  • Background service users

Enforce:

  • Minimum permissions
  • No interactive login (if unnecessary)
  • Controlled access scope

14. Limit Administrative Access

Admin roles should be tightly controlled.

Best Practices:

  • Minimize number of System Managers
  • Use temporary elevation where needed
  • Log all admin activities

15. Prevent Privilege Creep

Over time, users accumulate access.

During Review:

  • Compare roles vs current job function
  • Remove legacy roles

Advanced Approach:

  • Perform zero-based access review

    • Rebuild access from scratch periodically

16. Audit and Review Frequency

Annual review is not enough.

  • Quarterly light review
  • Annual deep audit
  • Event-based review:

    • After incidents
    • After major system changes

17. Test Permissions in Practice

Configuration alone is not sufficient.

Perform:

  • Role-based testing
  • Simulate real user workflows

Validate:

  • Can users do their job efficiently?
  • Are there unintended access paths?

18. Track Key Metrics

Introduce measurable governance:

  • Active vs inactive users
  • Roles per user (flag excessive roles)
  • Number of admin users
  • Users with direct role assignments
  • Workspace usage vs search usage

19. Documentation and Change Control

Without documentation, reviews become guesswork.

Maintain:

  • Role-permission matrix
  • Role Profile definitions
  • Change logs for:

    • Role updates
    • Permission changes

20. Security Enhancements

Strengthen overall system security:

  • Enforce strong passwords
  • Enable two-factor authentication (2FA)
  • Restrict login hours (if needed)
  • Apply IP restrictions for sensitive roles

Final Thoughts

A well-governed ERPNext system is not just secure—it is predictable, auditable, and efficient.

The key shift is this:

Move from “who needs access?” to “what is the minimum controlled environment each role needs to operate effectively?”

By combining:

  • Role Profiles
  • Granular permissions
  • User-level controls
  • Workspace design
  • Continuous review

—you create a system that scales cleanly without accumulating risk.

Aakvatech Limited is a Frappe Gold Partner and ERPNext implementation company headquartered in Dar es Salaam, Tanzania, operating across East Africa and the UAE.

This article was co-created using AI to accelerate drafting, with final insights curated and validated by the author.

