I am trying to create a security group for maintaining project-level access control in Odoo 10. The groups I have created are working fine on class level, but how can I use these groups to create access control in Odoo at project level, i.e. users in one group cannot view details of other projects?
1 Answer
This is for odoo 8 but it should work with odoo 10 too.
I also assume you want to restrict access to users in a group to some records in the same model only based on some condition.
Access control can only restrict access to a whole model (either the user can CRUD all the records, or he cannot CRUD any record). If you want to restrict access to some records only, then you must also set some record rules to further restrict access.
For instance, let's say you have a Many2many field project_ids in your res.users related to your project model (if you don't, then you must create it first), which contains the ids of projects the user can read or write. (I do not think you could put this field on your project model for this due to how domains work, but I might be wrong.)
Assuming access control is set properly, you must set this rule to grant access (user can read and write, but not create and unlink) to a user if the id of the record is in the field project_ids of the current user's record (as an XML record, but you could use a CSV file as well):
<record model='ir.rule' id="project_authorized_users_rw">
    <field name="name">Only authorized users can rw</field>
    <field name="model_id" ref="EXTERNAL ID OF YOUR PROJECT MODEL GOES HERE"/>
    <!-- Only records whose id is listed in the current user's project_ids match -->
    <field name="domain_force">[("id", "in", user.project_ids)]</field>
    <field name="perm_read">1</field>
    <field name="perm_write">1</field>
    <field name="perm_unlink">0</field>
    <field name="perm_create">0</field>
</record>
If this doesn't work, you should try with:
<field name="domain_force">[("id", "in", [p.id for p in user.project_ids])]</field>
If this works, this should enforce the rule on everyone, assuming access control rules allow the user to access the model first, but you can of course also attach the rule to some groups if you want.
You can also set record rules through the GUI if you want, for example through the group configuration view.
Here is the official documentation about access rights for odoo 10 for more details.
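The difference between leaving the rule global and attaching it to groups, as an added example that is not part of the answer above and is not Odoo code: a simplified Python model of how access control and record rules combine (global rules are ANDed, matching group rules are ORed). The group names, users and record ids are constructed, and the superuser bypass is left out.

```python
# Simplified model of Odoo record-rule evaluation (illustration only, not Odoo code).
ALL_PROJECTS = {1, 2, 3}                      # constructed record ids

def own_projects(user):                       # models [("id", "in", user.project_ids)]
    return set(user["project_ids"])

def every_project(user):                      # models an unrestricted domain
    return set(ALL_PROJECTS)

def readable_ids(user, rules, acl_groups):
    """rules: list of (groups_or_None, domain_fn); None means a global rule."""
    # 1. Access control gates the whole model before any record rule is looked at.
    if not user["groups"] & acl_groups:
        return set()
    allowed = set(ALL_PROJECTS)
    granted = []
    for groups, domain in rules:
        if groups is None:
            allowed &= domain(user)           # 2. global rules are ANDed together
        elif groups & user["groups"]:
            granted.append(domain(user))      # 3. matching group rules are ORed
    if granted:
        allowed &= set().union(*granted)
    return allowed

ACL = {"project_user", "project_manager"}     # hypothetical group names
alice = {"groups": {"project_user"}, "project_ids": [1]}
carol = {"groups": {"project_user", "project_manager"}, "project_ids": [1]}
dave = {"groups": {"sales"}, "project_ids": [2]}

# Same restriction, once attached to a group and once left global.
GROUP_RULES = [({"project_user"}, own_projects), ({"project_manager"}, every_project)]
GLOBAL_RULES = [(None, own_projects), ({"project_manager"}, every_project)]

def demo():
    return {
        "alice_group": readable_ids(alice, GROUP_RULES, ACL),
        "carol_group": readable_ids(carol, GROUP_RULES, ACL),
        "carol_global": readable_ids(carol, GLOBAL_RULES, ACL),
        "dave": readable_ids(dave, GROUP_RULES, ACL),
    }

if __name__ == "__main__":
    for who, ids in demo().items():
        print(who, sorted(ids))
```

With the rule attached to a group, a user who also belongs to a group with a broader rule sees the union of both; left global, the restriction applies to every user regardless of other group rules.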