Permission Types

Note: This feature is experimental and available on develop/nightly builds.

In the Frappe Framework, there are built-in permission types such as read, write, create, delete, and submit. Some applications, however, need more granular, action-specific permissions (for example: "download file", "impersonate user", or "approve record").

Custom Permission Types let you declare new permission flags that behave like the standard permission types, but map to custom actions in your app.

Quick Overview

What it does: Adds a named permission type that can be assigned to roles for one or more DocTypes.
Where it's stored: A Permission Type record is exported into your app under the module, typically at your_app/your_module/permission_type/<name>.json.
How it's used: Use Role Permission Manager to assign the custom permission to roles for the selected DocType(s). In your code, check permissions using frappe.has_permission(doc, "<custom_permission_name>").

Creating a Permission Type

Enable developer mode on the site and log in as Administrator.
Create a new Permission Type via the desk UI. Provide:
- Name — a unique identifier (e.g. comment, approve, download).
- DocTypes — the DocType(s) this permission applies to.
- Module — the module under which the record will be exported.
Save the record. Exported fixtures are included when your app is installed on another site.

After creating the permission type, use the Role Permission Manager to grant that permission to roles for the selected DocType(s), just like built-in permission types.

Then you can simply check for the custom permission in your code to control access to the associated action:

if frappe.has_permission(doc, "comment"):
    # permit the custom action (e.g., create a comment)
    create_comment_for(doc, user)
else:
    frappe.throw("Not permitted", frappe.PermissionError)