Odoo provides various internal security mechanism concerning the user roles for the purpose of security
Certain modules or views are restricted to specific users or managers due to the access rights or permissions. This is can managed by giving security groups in the security folder using the ir.model.access.csv file that defines the access control for the module
By this, we can grant permissions like
- delete to the users and the managers
To create a security group,
- Create a ir.model.access.csv file in the security folder
- An xml file for defining the access rights
This allows us to add specific users to the groups and to show/hide menus depending on the user for that particular module
Creation of CSV File
Create a new folder named security in the module that you want to create security groups. Next, create a csv file called ir.model.access.csv. This will contain the specific rights that has to be given to this group
The above details are given for the security group of the CSV file in the desired module. Here, we are using the CSV file in the module named Sales.
Now lets see what every column means,
id : Unique identifier for the record that is created
Name : This denotes the description that will be shown in the drop-down and the name of the security group
model_id:id : This refers the name of the model for which the security file has to be created.
group_id:id : Unique name of the group
perm_read : This denotes if the user has the read access or not. Set to 1 if you want to give access and 0 if otherwise
perm_create : This denotes if the user has the create access or not. Set to 1 if you want to give access and 0 if otherwise
perm_unlink : This denotes if the user has the delete access or not. Set to 1 if you want to give access and 0 if otherwise
Creation of XML File
Now, we have to write the xml file under the security folder. The below record will create an option in the form that has the label ‘Sale’ and a description ‘Manager’. The sequence is used to denote where it should come in the view.
<record model="ir.module.category" id="sale_management"> <field name="name">Sale</field> <field name="description">Manager</field> <field name="sequence">4</field> </record>
Now that we have given the menu for the security group, we need to create a record for group_account_manager which we have written in the group_id:id of the CSV file so that the CSV file can find and use these groups
<record id="group_account_manager" model="res.groups"> <field name="name">User</field> <field name="implied_ids" eval="[(4, ref('base.account_group_user'))]"/> <field name="users" eval="[(4, ref('base.user_root'))]"/> <field name="category_id" ref="sales_invoice.group_user"/> </record>
The ‘name’ field will be the text that will be shown to the user in the drop-down. By setting the ‘users’ field , the default users that belong to another group must also be added to this specific group.
For example, the users is set to the base.user_root, thus, by default it will enable this value for the user. The ‘implied_ids’ denotes that the user has the manager rights and that he should have user rights also and this is done by sales_invoice.group_user where sales_invoice is the module name
The same security groups can be applied to a particular view of the module in the specific menuitem.
For example, if access rights has to be given to a menu, inherit the menu item and pass the groups in the menu item
<menuitem id="menu_sales_invoice" action="salesinvoice_action" parent="sales_parent_menu" groups= “group_account_invoice. group_account_manager”/>
Thus, by adding the ‘groups=’ tag on the menu items we can specify which group can access which menu item. When a new user is created with the ‘Manager’ rights he would only see the menu item for the Manager and not the admin menu
The security groups and security rules in Odoo allows a wide range of configuration. We can specify what a user or a manager can see just by in which groups or security rules the user is in. This feature/configuration allows you to show or hide menu items, fields and options