Skip to Content
This question has been flagged
2 Replies
3283 Views
Avatar
David

Dear Odooers,

I have a problem understanding access rights related to groups and the application of them. My problem is the following:

A normal user (employee) is able to change the department for themselves in the hr.employee form which I don't want to allow.

Looking at the access rights, the following is set (don't know why, maybe because of the default access rights template):

hr.employee user
Group: Employees / Officer: Manage all employees
CRUD: All
hr.employee system user
Group: Administration / Settings
CRUD: Read
Questions:

Is this a "normal" setup?
How can I prevent users from changing their own department?
Thank you very much for helping me to understand what is going on here and where my misunderstandings are.

David

Avatar
Discard
David
Author

Dear Jaideep, thanks a lot for your answer! Would that also mean they can edit their own address and their private details?

Dear Muhammad, thanks for the proposal but that is far too complex for me to do. ;-)

Avatar
MUHAMMAD Imran
Best Answer

In Odoo 16, the access rights for the hr.employee form can be set in the "Settings" menu, under "Users" and "Groups".


You can also set the access rights programmatically by creating a new access rights record for the hr.employee model using the ir.model.access object.


Here is an example of how you might give a specific group of users read-only access to the hr.employee form in Odoo 16:


Copy code

from odoo import api, models


class EmployeeAccessRights(models.Model):

    _name = 'employee.access.rights'


    @api.model

    def set_employee_access_rights(self):

        access_obj = self.env['ir.model.access']

        group_obj = self.env['res.groups']


        # Get the group you want to give access to

        group_id = group_obj.search([('name', '=', 'HR Managers')]).id


        # Create a new access rights record for the hr.employee model

        access_obj.create({

            'name': 'hr_employee_read',

            'model_id': self.env.ref('hr.model_hr_employee').id,

            'group_id': group_id,

            'perm_read': True,

            'perm_write': False,

            'perm_create': False,

            'perm_unlink': False,

        })

You can also use the above class in your function or automation to call the function set_employee_access_rights

Avatar
Discard
Avatar
Jaideep
Best Answer

In settings > Employees employee Update rights section uncheck the 'Employee Editing' option

Avatar
Discard