Access Groups
User Access Groups
Menu of user access groups will only available if Odoo Developer Mode is activated. The menu could be found in Setting > Users & Companies > Groups
User access groups define access given to groups of users in an Odoo database. They standardize and simplify user access so that setting up a user should be fairly simple.
Different types of user access groups:
- User Types (Internal, Portal, Public)
- Application access groups
- Technical Settings
- Extra Rights
- Other (Access to Private Addresses)
User Types
Users must be allocated to one type.
Internal
Set user as internal type of user by not checked any option on the setting. Internal users can have full access to Odoo applications.
Internal users are almost always members of multiple application access groups. Internal users will also be members of several technical access groups, each of which has a specific purpose, example: manage multiple units of measure, analytic accounting. Internal users may also have Extra Rights (Multi Currency, Multi Company), and other access.
Portal
Set user as portal type of user by checked the option of Portal only. Portal users could be customers or suppliers (with access only to relevant documents)
Public
Set user as public type of user by checked the option of Public only. Public users can only access the Odoo website.
Application Access Groups
There are 2 groups for Invoicing/Accounting app:
- Billing
- Billing Manager
- Head Office Accounting (added new for Hospitality)
Inheritance
Menu
Views
Model Access Rights
Record Rules
Record rules control access to records within a Model (database table). For example, sales users can only access their own quotations and sales orders. Record rules can make it easier to develop functionality in Odoo. However, they can cause problems if there are multiple requirements related to one Model.
Record rules make use of domain to specify which records can be selected.
Types of Record Rule:
- Global rules -> restrict access and cannot be bypassed by other record rules, generally used for multi-company restrictions with no access group specified.
- Group-specific rules -> grant permission for one or more access groups. If there are multiple group-specific rules then access is granted if any of the conditions are satisfied.
Record rules grant permission for one or all of read, write/update, create and delete. Read access is required in order to have any access. This can be done either through Model Access or Record Rules. The differences are:
- If Read Access is not specified for a Model and user group, the user(s) will not have Read Access to that Model.
- If Read Access is not specified for a Record Rule (for a user group), the domain in that Rule will not apply and so will not restrict user access. However, if there are other Record Rules for Read access they would apply.