Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Accounting
Inventory
PoS
Project
MRP

All apps

All Posts People Badges

Tags (View all)

odoo accounting v14 pos v15

About this forum

Help

Access rights and record rules for user group

record_rules domain_filter access rights

1 Reply

5597 Views

Benedikt Schnörr

Hey guys,
I'm setting up a new Odoo db right now and I want to create an access group that has read and write access to contacts, only if the custom selection field x_type in a contact has the value "value1".
This is my only access right in this group:
name: model: read: write:

res.partner contact yes yes

This is the only record rule:
name: model: domain: read: write:

value1 contact [('x_type','=','value1')] yes yes

The problem is that the user in this group can still read and write to all contacts even though he is in no other access groups besides "internal user". Also "creating contact" in the user settings is deactivated.
Apparently, the access right works, but the record rule is not restricting the access right.

I have the free version 16 installed on debian 11 with the crm, contacts and mass mailing modules.

Can anyone help me with this problem? Is the domain maybe wrong or is there anything else I have to set up?

Chris TRINGHAM

Limiting access on Contacts can be tricky. This might be helpful: https://odootricks.tips/about/building-blocks/security/record-rules/

Benedikt Schnörr

Author

@Chris Thank you for the link, it helped a bit!

Benedikt Schnörr

Author Best Answer

Edit: I figured it out.

There is a record rule in the predefined group "Internal User" called "res.partner.rule.private.employee" which grants full access to all contact entries by default. This rule overwrote my own rule so it couldn't work. I limited the predefined rule's access to read only or deleted it, then my own rule worked.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts	Replies	Views
Domain Filtering help: Is there any operator like 'includes' or 'contains', which will do the inverse of 'child_of' operator? Solved record_rules domain_filter	2 Oct 22	12698
Access Rights in Odoo 15 Solved record_rules access rights odoo15	2 Oct 24	1721
How to limit the view of other contacts for different users Solved contacts record_rules access rights	1 Jul 24	2434
What should be the domain filter for filtering all customers of a salesteam? salesteams record_rules domain_filter	0 Mar 15	4500
How can we ensure that portal users can see models from all companies? portal record_rules multicompany access rights	0 Oct 25	637

This question has been flagged

Enjoying the discussion? Don't just read, join in!