On Odoo 12 is possible to create a user and assign to it the "Access rights" group. As pointed also in https://www.odoo.com/it_IT/forum/help-1/question/administration-settings-and-access-rights-7270 this user is now able to create another user with "Settings" group, and feels a little bit strange due to the fact that a user with "Settings" can manage the whole system including install or remove application and change system settings while a user with "Access Rights" group cannot, but actually has the possibility to create a user with "Settings" group who is actually a superuser.
How prevent user with "Access Rights" group to create user with "Settings" group?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project
- MRP
This question has been flagged
4
Replies
14589
Views
Hi Stefano:
One way to do this would be to do the following:
Ensure that the user with Administration / Access Rights does not have Extra Rights / Technical Features privileges. This will prevent the user from using the Settings > Users & Companies > Groups menu item to add a user directly to a security group.
Customize the "Users" form and make the Administration field accessible only to users in the Administration / Settings group by adding a groups="base.group_system" attribute to the field.
Hello,
I am using Odoo 14 Community Edition.
Can someone show me, please
where I can find the Administration / Settings to add groups = "base.group_system"?
Many Thanks
I don't think it is possible (as standard).
You are right that once you grant a user access to Administration (either of the two user access groups) you are giving them the ability to manage both Settings and User Access.
In a typical Odoo implementation this is probably OK, because you wouldn't have two separate people needing access to settings and user access. Do you have a requirement to set it up that way?
The method proposed from Paresh worked nice, thanks!
I also needed a couple of additional steps, because after this the user with "Access Rights" group is still able to clone/edit an user with "Settings" group, so:
added a record rule for the group "Access rights" to prevent edit all the users except administrator.
added a record rule for the group "Settings" to give the possibility to edit user adminstrator.
I don't think adding record rules will do the job because as long as the group "Access Rights" can edit record rules, it can modify all the security
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Sign up| Related Posts | Replies | Views | Activity | |
|---|---|---|---|---|
|
1
Apr 25
|
2632 | ||
|
0
Mar 24
|
758 | ||
|
0
Oct 22
|
1970 | ||
|
|
0
Sep 22
|
1099 | ||
|
1
Jul 22
|
4729 |
