Access rights and record rules for user group

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Accounting
Inventory
PoS
Project management
MRP

Take the tour

All Posts People Badges

Tags (View all)

odoo v14 accounting v15 odoo16features

About this forum

Help

Access rights and record rules for user group

record_rules domain_filter access rights

1 Reply

1815 Views

Benedikt Schnörr

Hey guys,
I'm setting up a new Odoo db right now and I want to create an access group that has read and write access to contacts, only if the custom selection field x_type in a contact has the value "value1".
This is my only access right in this group:
name: model: read: write:

res.partner contact yes yes

This is the only record rule:
name: model: domain: read: write:

value1 contact [('x_type','=','value1')] yes yes

The problem is that the user in this group can still read and write to all contacts even though he is in no other access groups besides "internal user". Also "creating contact" in the user settings is deactivated.
Apparently, the access right works, but the record rule is not restricting the access right.

I have the free version 16 installed on debian 11 with the crm, contacts and mass mailing modules.

Can anyone help me with this problem? Is the domain maybe wrong or is there anything else I have to set up?

Chris TRINGHAM

Limiting access on Contacts can be tricky. This might be helpful: https://odootricks.tips/about/building-blocks/security/record-rules/

Benedikt Schnörr

Author

@Chris Thank you for the link, it helped a bit!

Benedikt Schnörr

Author Best Answer

Edit: I figured it out.

There is a record rule in the predefined group "Internal User" called "res.partner.rule.private.employee" which grants full access to all contact entries by default. This rule overwrote my own rule so it couldn't work. I limited the predefined rule's access to read only or deleted it, then my own rule worked.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts	Replies	Views
Domain Filtering help: Is there any operator like 'includes' or 'contains', which will do the inverse of 'child_of' operator? Solved record_rules domain_filter	2 Oct 22	9584
How to limit the view of other contacts for different users Solved contacts record_rules access rights	1 Jul 24	126
What should be the domain filter for filtering all customers of a salesteam? salesteams record_rules domain_filter	0 Mar 15	2834
How do we prevent users from viewing contacts assigned to other salespersons users contacts record_rules access rights	0 Jul 24	1
New Apps with Odoo studio and make it readonly for other user after save. record_rules access rights OdooStudio odooonline	0 Jun 24	239

This question has been flagged

Enjoying the discussion? Don't just read, join in!