Recent Bloggers

Ankit Prajapati
Posts: 5
Stars: 0
Date: 9/18/17
Chirag Patel
Posts: 4
Stars: 0
Date: 9/15/17
Rahul Joshi
Posts: 5
Stars: 0
Date: 9/15/17
Jiten Vaghela
Posts: 1
Stars: 0
Date: 8/23/17
Kuldeep Acharya
Posts: 1
Stars: 0
Date: 8/16/17
Saurang Suthar
Posts: 5
Stars: 0
Date: 7/5/17
Jyoti Verma
Posts: 3
Stars: 0
Date: 6/29/17
Pankti Patel
Posts: 1
Stars: 0
Date: 5/27/17
Chandrika Baraiya
Posts: 5
Stars: 0
Date: 5/27/17
Atith Patel
Posts: 5
Stars: 0
Date: 5/23/17
« Back

Security Mechanism in Odoo v9

Users and users’ roles are critical points concerning internal security in Odoo. Odoo provides following several security mechanisms concerning user roles.

1.Access Control:

In Odoo with module, menu/view is not displayed proper or restricted when accessing by other user due to access rights/permissions. It is managed by module_name/security/ir.model.access.csv file,defines access control to a whole model.

Through this we can

  • Grant permissions like create,read,write(edit/update),delete to model

  • Define group to a model(optional)

    • If no group: access rights applies to all users

    • If group:  access rights applies to member of that group

Access controls are additive, for example if the user belongs to one group which allows writing and another which allows deleting, they can both write and delete.

Here is the steps with explanation to define ir.model.access.csv file for custom model.

Step 1 : Create Security folder in your custom module.

Blog/security

 

Step 2 : Make ir.model.access.csv file in Security folder.

Blog/security/ir.model.access.csv


Step3 : Edit in __openerp__.py         

'data': [

'security/ir.model.access.csv',

],

 

Step4 : Write following code in your ir.model.access.csv

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink

access_blog_post_user,blog.post.user,model_blog_post,Blog.group_blog_user,1,0,0,0

OR

access_blog_post_user,blog.post.user,model_blog_post,,1,0,0,0

 

Defining Access Rights ( ir.model.access.csv )

  • id = unique identity for the permission (Example:access_blog_post_user)

  • name = unique name for the permission (Example:blog.post.user)

  • model_id/id = the model unique name of the class you want apply permission on (Example: model_blog_post)

  • group_id/id = Permission apply on group(Example: Blog.group_blog_user)

    • Where Blog:module name  , group_blog_user :group id

  • perm_read,perm_write,perm_create,perm_unlink = the 4 values for the relative permission to read, write,create,unlink record on defined class. 1 is True and 0 is False

2.Record Rules:

Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. It is applied record-by-record after access control has been applied.

Go through : Settings -> Security -> Record Rules

A record rule has:

  • A model on which it applies

  • A set of permissions to which it applies (e.g. if perm_read is set, the rule will only be checked when reading a record)

  • A set of user groups (no group means global rule)

  • A domain for filtering data

    • If filter matches: It is accessible

    • If filter does not matches: It  is not accessible

Record Rules Personal Orders Odoo22.png

 

3.Field Access:

An ORM field can have a groups attribute providing a list of groups.If the current user is not in one of the listed groups, he will not have access to the field:

Applies most to all tags in xml:(For Example)

1)<field>...</field>

<field name="company_id" groups="base.group_multi_company"/>

 

2)<button>...</button>

<button name="submit_hr"  string="Submit to HR" class="oe_highlight"

groups="base.group_hr_user"/>

 

4.Workflow Transition Rules:

Workflow transitions can be restricted to a specific group. Users outside the group can not trigger the transition.

1)Go through : Settings -> Workflow -> Transitions

A Transition has :

  • Source Activity : which define starting state of transition(eg. draft)

  • Destination Activity: which define ending state of transition(eg: waiting)

  • Signal(Button Name): which define activity name(eg: submit_hr)

  • Condition: which is used to check if workflow instance progresses through the transition or not (eg:True)

  • Group Required :which define group to give access (eg: Human Resource / Employee)

?

Transitions submit_hr Odoo.png

 

2)We can define group to transition from xml side also.

For example:

<record id="trans_draft_router" model="workflow.transition">

  <field name="act_from" ref="act_draft"/>

  <field name="act_to" ref="act_router"/>

  <field name="signal">order_confirm</field>

  <field name="condition">True</field>

  <field name="group_id" ref=”base.group_sale_customer”/>

</record>

 
Comments
Trackback URL:

Rahul D
Good post, I'm new to odoo9, trying for... when I login to odoo as a user I should be able to view only my 'purchase orders'i.e.. purchase orders for that selected vendor who has logged in. What will be the access rights and records rules, please guide
Posted on 11/17/16 7:41 AM.

Contact Us

Loading

Get in touch

Headquarter :
302, Landmark,
Nr. Titanium City Center,
Prahlad Nagar Road,
Ahmedabad, India - 380015.