Dolibarr / dolibarr

Dolibarr ERP CRM is a modern software package to manage your company or foundation's activity (contacts, suppliers, invoices, orders, stocks, agenda, accounting, ...). It's an open source web application (written in PHP) designed for businesses of any size, foundations and freelancers.
https://www.dolibarr.org
GNU General Public License v3.0
5.46k stars 2.79k forks

Permissions - make a difference between CREATE and MODIFY / UPDATE #25472

Closed dolibit-ut closed 3 months ago

dolibit-ut commented 1 year ago

Feature Request

Let's make a general distinction between the permission rights for CREATE and MODIFY/UPDATE.

So that we have everywhere uniformly at least the 4 permissions according to CRUD.

In many larger companies, there is a difference between which employees are allowed to create new customers or new products, for example, and which can only make changes in them.

Use case

No response

Suggested implementation

No response

Suggested steps

No response

atm-maxime commented 1 year ago

In my opinion the 2 actions must stay the same permission. If you can create a new card but can't update it afterwards, it seems odd to me... What if you missed one field to fill or made a mistake on some data during creation?

hansemschnokeloch commented 1 year ago

It makes sense to me to make a distinction. It is rather common that people have modification rights without creation rights in companies. For example you can be allowed to update an existing supplier without being allowed to create a new one.

atm-maxime commented 1 year ago

So in this case I update a supplier card by replacing every data on it and it's just as if I created a new one ...

hansemschnokeloch commented 1 year ago

That's not the point. User rights should be able to replicate companies rules. You have distinction between create and edit/update on all major ERPs.

For example Salesforce (Object Permissions) and Odoo (Access Rights, Odoo 16.0 documentation).

dolibit-ut commented 1 year ago

> In my opinion the 2 actions must stay the same permission. If you can create a new card but can't update it afterwards, it seems odd to me... What if you missed one field to fill or made a mistake on some data during creation?

Of course it makes sense to predefine that if you are allowed to Create a dataset, you are also allowed to Update it.

But it also makes sense to predefine that you can also Read it. Nevertheless these are sensibly different levels of rights.

There are often reasons why only certain groups of people are allowed to create e.g. new business partners. However, many should be able to work with (edit) existing data, not just read it.

Or think about Manufacturing Orders: only a handful of foremen / project managers create new orders, but the feedback on produced goods comes from many workers.

toni-mx commented 1 year ago

I'm pro separate rights. Another example of use is when you need unalterable info, or you need to trace modifications. Here are some examples: Create product receptions: the warehouse is able to create a new document with all products received; if the same user has the right to edit, you lose control of what product you have in inventory. Of course it can be logged, set stock movements etc., but it forces you to audit logs. If you can cut it off from the beginning you can save some time and effort, but most importantly data integrity.

Another use case: Agenda Events. A user can create and input certain info, and you can trigger company processes inside Dolibarr or outside. What happens if the user negligently, or even just to cover some mistake, edits the info? As manager, you don't have knowledge of what changed. Again compromising security.

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 1 year with no activity. If this is a bug, please comment to confirm it is still present on the latest stable version. If this is a feature request, please comment to notify that the request is still relevant and not yet covered by the latest stable version. This issue may be closed automatically by the stale bot in 10 days (you should still be able to re-open it if required).