to select ↑↓ to navigate
Frappe Framework

Frappe Framework

eInvoicing eInvoicing ERPNext ERPNext Frappe Ecosystem Frappe Ecosystem Frappe Framework Frappe Framework Wiki Digital Signing Digital Signing
EN NL
Edit
Open in ChatGPT
Ask ChatGPT about this page
Open in Claude
Ask Claude about this page

User Management

User Management

Adding users is one of the first things you'll do on a new site.

Creating a user

User → New:

Field Notes
Email Used as login AND as the user's primary key — choose carefully
First / Last Name Display name
User Type System User (desk access) or Website User (portal only) — see System vs Website Users
Roles What they can do — see Permissions
Send Welcome Email Frappe emails a password-reset link so the user sets their own password

Login methods

Method When
Email + password Default
OAuth (Google, Microsoft, GitHub) Configure under Integrations → Social Login Key
LDAP / Active Directory For enterprises with on-prem identity
2FA See Two-Factor Authentication

The Administrator user

Frappe ships with a built-in Administrator user — the equivalent of root. It has all roles by default and bypasses User Permissions. Treat it like a root account:

  • Set a strong password at install
  • Don't log in as Administrator for routine work — create a named System Manager account for yourself
  • Avoid sharing the Administrator credentials; rotate them when staff leave
  • The Administrator can't be deleted or disabled in the desk

On managed sites (Prilk-managed, Frappe Cloud), the Administrator password is managed by the operator and not normally exposed.

Role Profile

Assigning roles one at a time gets tedious when you have many similar users. Role Profile bundles a set of roles into a named profile:

  1. Role Profile → New — name it ("Salesperson", "Junior Accountant")
  2. Add the roles the profile should contain
  3. On the User form, set Role Profile — all its roles are applied

Useful for:

  • Onboarding waves of similar users (whole-team setup)
  • Standardising "what does a Salesperson see" across the company
  • Audits — checking that everyone in a function has identical access

A user can have one Role Profile plus additional individual roles on top.

Password policy

System Settings → Password Settings:

  • Minimum length, complexity, history
  • Force change every N days
  • Lock-out after N failed attempts

Disabling vs deleting

Prefer Enabled = No over delete. Deleting a user breaks references — Comments, Assignments, Activity Log all point at the now-gone record. Disabling preserves the audit trail while preventing login.

Roles vs User Permissions

Roles answer "what actions can they do" (Read, Write, Submit). User Permissions answer "on which records" — e.g., Alice can edit Sales Invoices, but only for Customer A. The two combine; see Permissions.

Portal users

Customers, Suppliers and Employees who log into the public portal (not the desk) use the Website User type plus an entry in their party-type's portal_users child table. See System vs Website Users.

Last updated 3 days ago
Was this helpful?
Thanks!