Dear Shreya

To completely hide the "Import records" button for unauthorized groups (not just show an error when they try), you'll need to modify the UI views. Here's a complete solution:

Solution 1: Hide Import Button via View Inheritance

1. Create a new XML file (e.g., views/hide_import_button.xml) with:

xml

<odoo>
    <record id="hide_import_button" model="ir.ui.view">
        <field name="name">hide.import.button</field>
        <field name="model">ir.ui.menu</field>
        <field name="inherit_id" ref="base.view_menu_form"/>
        <field name="arch" type="xml">
            <xpath expr="//menu[@name='import']" position="attributes">
                <attribute name="groups">custom_crm.group_crm_coordinator,sales_team.group_sale_manager</attribute>
            </xpath>
        </field>
    </record>
</odoo>

1. Add this file to your manifest:

python

'data': [
    'views/hide_import_button.xml',
],

Solution 2: Hide Import Button via JS (Alternative Approach)

1. Create a JS file (e.g., static/src/js/hide_import.js):

javascript

odoo.define('your_module.hide_import', function (require) {
    "use strict";
    
    var ListView = require('web.ListView');
    
    ListView.include({
        render_import_button: function() {
            var allowed_groups = [
                'custom_crm.group_crm_coordinator',
                'sales_team.group_sale_manager'
            ];
            var can_import = _.any(allowed_groups, function(group) {
                return odoo.session_info.user_groups.includes(group);
            });
            if (!can_import) {
                return $.when();
            }
            return this._super.apply(this, arguments);
        },
    });
});

1. Add JS to assets in your manifest:

python

'assets': {
    'web.assets_backend': [
        'your_module/static/src/js/hide_import.js',
    ],
},

Why Your Current Solution Isn't Enough

Your current code:

• Only prevents the actual import (server-side)
• Doesn't hide the UI button (client-side)
• Shows an error only after users click import

Recommended Combined Approach

1. Keep your server-side protection (to prevent API imports)
2. Add Solution 1 (view inheritance) to hide the button completely
3. Add Solution 2 if you need dynamic client-side hiding

Verification Steps

1. Log in as a restricted user
2. Check that:
   • No "Import" button appears in list views
   • No "Import" option appears in the "Action" dropdown
   • Direct API calls to import still fail (your original code handles this)
     
     

🚀 Did This Solve Your Problem?

If this answer helped you save time, money, or frustration, consider:

✅ Upvoting (👍) to help others find it faster

✅ Marking as "Best Answer" if it resolved your issue

Your feedback keeps the Odoo community strong! 💪

(Need further customization? Drop a comment—I’m happy to refine the solution!)

You're on the right track by restricting access in the backend via Python, but that does not hide the "Import" button in the UI — it only prevents the action when triggered.

To hide the "Import" button in the UI (tree views), you need to override it at the view level using XML.

1. Hide Import Button via XML View Inheritance

Create a webclient_templates.xml in your module and add:
<odoo>

    <template id="webclient_templates" inherit_id="web.webclient_templates" name="Hide Import Button for Certain Groups">

        <xpath expr="//div[@class='o_control_panel']" position="before">

            <t t-if="not (user.has_group('custom_crm.group_crm_coordinator') or user.has_group('sales_team.group_sale_manager'))">

                <t t-set="can_import" t-value="False"/>

            </t>

        </xpath>

    </template>

</odoo>

This snippet disables the import button in the Odoo UI for users not in the allowed groups.

2. Backend Protection (Your Python Code)

Your existing code is good — just make sure it's hooked in via the correct inheritance.

models/base_model.py

You can put this inside a standard views folder in your module and reference it in your __manifest__.py.
from odoo import models, _

from odoo.exceptions import AccessError

class BaseModel(models.AbstractModel):

    _inherit = 'base'

    def load(self, fields, data):

        allowed_groups = [

            'custom_crm.group_crm_coordinator',

            'sales_team.group_sale_manager',

        ]

        if not any(self.env.user.has_group(g) for g in allowed_groups):

            raise AccessError(_("You are not allowed to import records."))

        return super(BaseModel, self).load(fields, data)

The XML hides the button from the UI for restricted users.

The Python code blocks direct API imports or external calls (security fallback).

Both together ensure full control.