Access Rights:
Access rights in Odoo define what a user can or cannot do within the system. They are permissions that are set on specific objects (such as models, records, or fields) and determine whether a user can create, read, write, or delete data associated with those objects.
The standard access rights levels in Odoo are:
- No Access: User has no access to the object.
- Read: User can view the object’s data but cannot modify it.
- Write: User can modify the data of the object but cannot create or delete it.
- Create: User can create new records of the object.
- Delete: User can delete records of the object.
Access rights can be set for each user role (group) on different modules, models, or even specific records, allowing fine-grained control over who can perform specific actions.
Groups:
Groups in Odoo are collections of users with similar access rights. They provide a way to manage access permissions at a higher level by grouping users together based on their roles or responsibilities in the organization.
For example, you could have groups such as “Managers,” “Sales Team,” “Accountants,” etc. Each group would have specific access rights assigned to them. Users can be added to multiple groups based on their job roles.
Managing Security Access:
Odoo provides an interface in the back-end to manage security access. It allows administrators to create, modify, and assign groups and access rights to different modules and models. To access the security settings, an administrator typically navigates to “Settings” > “Users & Companies” > “Groups.”
Inheritance and Access Control List (ACL):
Odoo also allows for access rights inheritance, meaning that access rights can be inherited from parent objects to their child objects. This helps to simplify and organize access control settings.
Additionally, Odoo has an Access Control List (ACL) feature, which allows you to set access rights on specific records based on conditions. For example, you could grant write access to specific sales orders only for the salesperson assigned to that order.
create a folder security
Inside security folder create xml file like security.xml
<?xml version=”1.0″ encoding=”utf-8″?>
<odoo>
<!– explicit list view definition –>
<record id=”hobby_categorys” model=”ir.module.category”>
<field name=”name”>Student</field>
</record>
<record id=”hobby_category” model=”ir.module.category”>
<field name=”name”>Student Profile</field>
<field name=’parent_id’ ref=’school_student.hobby_category’></field>
</record>
<record id=’hobby_group’ model=’res.groups’>
<field name=’name’>Student hobby</field>
<field name=”category_id” ref=”school_student.hobby_category”></field>
</record>
<record id=’hobby_group_one’ model=’res.groups’>
<field name=’name’>Student hobby one</field>
<field name=”category_id” ref=”school_student.hobby_category”></field>
</record>
<record id=’hobby_group_two’ model=’res.groups’>
<field name=’name’>Student hobby two</field>
<field name=”category_id” ref=”school_student.hobby_category”></field>
</record>
<record id=’hobby_group_acoount’ model=’res.groups’>
<field name=’name’>Student account</field>
<field name=”category_id” ref=”base.module_category_hidden”></field>
<field name=”implied_ids” eval=”[(6,0, [ref(‘analytic.group_analytic_accounting’), ref(‘school_student.hobby_group’)])]”/>
</record>
<record model=”ir.model.access” id=”student_hobby”>
<field name=’name’>student_hobby</field>
<field name=’model_id’ ref=”model_student_hobby”></field>
<field name=’group_id’ ref=’school_student.hobby_group’></field>
<field name=’perm_read’>1</field>
<field name=’perm_write’>1</field>
<field name=’perm_create’>1</field>
<field name=’perm_unlink’>1</field>
</record>
<record id=’hobby_rule’ model=’ir.rule’>
<field name=’name’>Hobby rule</field>
<field name=’model_id’ ref=”school_student.model_student_hobby”></field>
<field name=’domain_force’>[(‘create_uid’, ‘=’, user.id)]</field>
<field name=’groups’ eval=”[(4,ref(‘school_student.hobby_group’))]”></field>
</record>
