Users and user roles are critical to internal security in Odoo. Odoo provides several security mechanisms concerning user roles.
In Odoo, a module's menus and views may not be displayed properly, or may be restricted, when accessed by another user because of access rights/permissions. This is managed by the module_name/security/ir.model.access.csv file, which defines access control for a whole model.
Through this file we can:
Grant permissions such as create, read, write (edit/update) and delete on a model
Assign a group to a model (optional)
Access controls are additive: for example, if the user belongs to one group that allows writing and another that allows deleting, they can both write and delete.
Here are the steps, with explanation, to define the ir.model.access.csv file for a custom model.
Step 1 : Create Security folder in your custom module.
Step 2 : Create the ir.model.access.csv file in the Security folder.
Step 3 : Edit __openerp__.py
Step 4 : Write the following code in your ir.model.access.csv
Defining Access Rights ( ir.model.access.csv )
id = unique identity for the permission (Example: access_blog_post_user)
name = unique name for the permission (Example: blog.post.user)
model_id/id = the unique name of the model class you want to apply the permission to (Example: model_blog_post)
group_id/id = the group the permission applies to (Example: Blog.group_blog_user)
perm_read, perm_write, perm_create, perm_unlink = the 4 values for the respective permissions to read, write, create and unlink records of the defined class. 1 is True and 0 is False.
Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. They are applied record-by-record after access control has been applied.
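As an added example (not part of the original post or of Odoo's own code), the following Python script parses a constructed ir.model.access.csv and computes a user's effective rights as the union of all matching rows, which is the additive behaviour described above. It also lists rows with an empty group_id/id, which apply to every user. Blog.group_blog_manager, model_blog_tag and the rows themselves are constructed for illustration.

```python
import csv
import io

# Constructed sample ir.model.access.csv (illustrative rows, not from a real module).
SAMPLE_CSV = """id,name,model_id/id,group_id/id,perm_read,perm_write,perm_create,perm_unlink
access_blog_post_user,blog.post.user,model_blog_post,Blog.group_blog_user,1,1,0,0
access_blog_post_manager,blog.post.manager,model_blog_post,Blog.group_blog_manager,1,0,0,1
access_blog_post_all,blog.post.all,model_blog_post,,1,0,0,0
access_blog_tag_user,blog.tag.user,model_blog_tag,Blog.group_blog_user,1,0,0,0
"""

PERMS = ("perm_read", "perm_write", "perm_create", "perm_unlink")


def load_rules(text):
    """Parse ir.model.access.csv content into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def effective_rights(rules, model, user_groups):
    """OR together the permissions of every row that matches the user's groups.

    A row with an empty group_id/id applies to all users.
    """
    rights = dict.fromkeys(PERMS, False)
    for row in rules:
        if row["model_id/id"] != model:
            continue
        group = row["group_id/id"].strip()
        if group and group not in user_groups:
            continue
        for perm in PERMS:
            rights[perm] = rights[perm] or row[perm].strip() == "1"
    return rights


def global_rules(rules):
    """Return the ids of rows with no group: these grant access to every user."""
    return [row["id"] for row in rules if not row["group_id/id"].strip()]


if __name__ == "__main__":
    rules = load_rules(SAMPLE_CSV)
    both = {"Blog.group_blog_user", "Blog.group_blog_manager"}
    print(effective_rights(rules, "model_blog_post", both))
    print("Global (no group) rules:", global_rules(rules))
```

Rows reported by global_rules deserve a review before a module ships, since they grant their permissions regardless of group membership.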
Go through : Settings -> Security -> Record Rules
A record rule has:
A model on which it applies
A set of permissions to which it applies (e.g. if perm_read is set, the rule will only be checked when reading a record)
A set of user groups (no group means global rule)
A domain for filtering data
An ORM field can have a groups attribute providing a list of groups. If the current user is not in one of the listed groups, he will not have access to the field:
This applies to most tags in XML (for example):
<field name="company_id" groups="base.group_multi_company"/>
<button name="submit_hr" string="Submit to HR" class="oe_highlight"
4. Workflow Transition Rules:
Workflow transitions can be restricted to a specific group. Users outside the group cannot trigger the transition.
1) Go through : Settings -> Workflow -> Transitions
A transition has:
Source Activity: defines the starting state of the transition (e.g. draft)
Destination Activity: defines the ending state of the transition (e.g. waiting)
Signal (Button Name): defines the activity name (e.g. submit_hr)
Condition: used to check whether the workflow instance progresses through the transition or not (e.g. True)
Group Required: defines the group that is given access (e.g. Human Resource / Employee)
2) We can also assign a group to a transition from the XML side.
<record id="trans_draft_router" model="workflow.transition">
    <field name="act_from" ref="act_draft"/>
    <field name="act_to" ref="act_router"/>
    <field name="group_id" ref="base.group_sale_customer"/>
</record>