Users and users’ roles are critical points concerning internal security in Odoo. Odoo provides following several security mechanisms concerning user roles.
1.Access Control:
In Odoo with module, menu/view is not displayed proper or restricted when accessing by other user due to access rights/permissions. It is managed by module_name/security/ir.model.access.csv file,defines access control to a whole model.
Through this we can
Grant permissions like create,read,write(edit/update),delete to model
Define group to a model(optional)
If no group: access rights applies to all users
If group: access rights applies to member of that group
Access controls are additive, for example if the user belongs to one group which allows writing and another which allows deleting, they can both write and delete.
Here is the steps with explanation to define ir.model.access.csv file for custom model.
Step 1 : Create Security folder in your custom module.
Blog/security
Step 2 : Make ir.model.access.csv file in Security folder.
Blog/security/ir.model.access.csv
Step3 : Edit in __openerp__.py
'data': [
'security/ir.model.access.csv',
],
Step4 : Write following code in your ir.model.access.csv
id = unique identity for the permission (Example:access_blog_post_user)
name = unique name for the permission (Example:blog.post.user)
model_id/id = the model unique name of the class you want apply permission on (Example: model_blog_post)
group_id/id = Permission apply on group(Example: Blog.group_blog_user)
Where Blog:module name , group_blog_user :group id
perm_read,perm_write,perm_create,perm_unlink = the 4 values for the relative permission to read, write,create,unlink record on defined class. 1 is True and 0 is False
2.Record Rules:
Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. It is applied record-by-record after access control has been applied.
Go through : Settings -> Security -> Record Rules
A record rule has:
A model on which it applies
A set of permissions to which it applies (e.g. if perm_read is set, the rule will only be checked when reading a record)
A set of user groups (no group means global rule)
A domain for filtering data
If filter matches: It is accessible
If filter does not matches: It is not accessible
3.Field Access:
An ORM field can have a groups attribute providing a list of groups.If the current user is not in one of the listed groups, he will not have access to the field:
We use cookies to deliver personalized content, analyze trends, administer the site, track user movements on the site, and collect demographic information about our user base as a whole. Accept all cookies for the best possible experience on our website or manage your preferences.
What For?