Hi,

For giving the access rights, you can use Access Control List and Record Rules, access control list can give the permission for read, write, create and delete for users groups. Where as the record rules are used to limit the permission to records based on some rules.

For writing the access rights for your model, have a look at this blog, explaining the same in detail: Security in Odoo

Also, refer this Odoo documentation: https://www.odoo.com/documentation/11.0/reference/security.html

Thanks

Thanks