Search Here

Security Groups and Access Rights in Odoo

The most significant area in Odoo/OpenERP is how to deal or manage users. Managing users and assigning groups or role is the key point in every business. In Odoo/OpenERP assigning role or group to the single user is made through Administrator. And its not a good practice to do so using login through admin and do some setting stuff like assigning groups to employee or users.
Groups and Access rights in Odoo



If you let users change their role (in dot NET applications) or groups (mostly used in ERP Systems) them selves, than you will no direct control over your system. You should have some policy to try to maintain a level of security.

Why We Need User Role and Security Groups in Odoo

The answer is you need to put everything significant to your business. As you have seen that their are couple of things in an ERP system which you don't want to show every user, most of your staff members needs to see only part of the given system. 

That's why we need groups or user role that will be assigned to each user. In Odoo/ERP the management of users is very flexible, and each user can belong to one or more groups.

To manage users and configure  security access rights you should start by defining the groups.

How to create / define security groups in Odoo

  1. Open "security_group.xml" file under your "module_name" >> "security" folder/directory
  2. If you do not have such file than create one in above mentioned folder.

To create groups use below code snippet in your XML file.

<openerp>
<data>
<record id="your_group_id_goes_here_1" model="res.groups">
<field name="name">Your Group Name 1</field>
</record>
<record id="your_group_id_goes_here_2" model="res.groups">
<field name="name">Your Group Name 2</field>
</record>
</data>
</openerp>

Now upgrade your module and login through admin to see your changes. If you have no errors than you will see your created groups in "Setting >> Groups" menu.

How to assign security groups to users

To assign groups login from admin and click on "Settings >> Users", here you will see user profile, Now click on Create button to create new record or existing record click on Edit, your created group exists on under "Other" section. To assign group to particular user check that group.

After assigning groups to individual users you may need to set access controls. Defining access control is what your users have right to do with your data. Remember access control belongs to your object. 

There are four type of Access Control List (ACL) in Odoo/ERP.
  1. Read access: members of the group can read the data in the object,
  2. Create access: members of the group can create a new record in the object,
  3. Write access: members of the group can modify the contents of records in the object,
  4. Delete access: members of the group can delete records from the object. 
"access_controll_list_id","title/name of your ACL","model_your_model_name_goes_here","module_name.group_name_goes_here",1,1,1,1

In above code snippet append "model_" as a prefix to your model name. Here all one's mean we have assigning each right (read,write,create,delete) to mentioned group of users.


Post a Comment

4 Comments