hi all seniors,

i need your expert advise, please guide is it ok or can be problematic in some cases? 

folder: security 

file name: ir_rule.xml

<odoo>

<data>

<record id="crm_lead_access_by_self_n_supervisor" model="ir.rule">

<field name="name">Lead (CRM) access by only self and supervisor</field>

<field name="model_id" ref="crm.lead"/>

<field name="domain_force">['|', '|',  ('user_id', '=', user.id), ('user_id', '=', False), ('user_id.user_ids.supervisor', '=', user.id)]</field>

<field name="groups" eval="[(4, ref('base.group_user'))]"/>

<field name="perm_read" eval="True"/>

<field name="perm_write" eval="True"/>

<field name="perm_create" eval="True"/>

<field name="perm_unlink" eval="True"/>

</record>

</data>

</odoo>

thanks in advance.