Skip to Content
This question has been flagged
3 Replies
12792 Views
Avatar
Peter Nietz

As far as I can see the access control in Odoo seems to work on record level (perm_create, perm_read, perm_write and perm_unlink). This is fine for most access control tasks.

However in my module I need access control on field level. The record shall be writeable for the user, i.e. the user must have perm_write on the record, but some fields shall be read-only for him.

How can this be achieved?

Avatar
Discard
Avatar
Qutechs, Ahmed M.Elmubarak
Best Answer

Hello,

You can do this by inheriting the view for specific group ...

Kindly check these questions:

https://www.odoo.com/es_ES/forum/ayuda-1/question/make-field-readonly-based-on-group-58921

http://stackoverflow.com/questions/18912997/how-to-make-field-readonly-based-on-group-and-status


Avatar
Discard
Peter Nietz
Author

Many thanks for your answer. This sounds like a surprising, but legitimate approach. My only concern is: How secure is this approach? As far as I understand the record level security is strictly enforced by the ORM, hence very secure. Now this approach works on view level, which sounds inherently less secure to me. Or am I overanxious here?

Avatar
SanathT
Best Answer

Hi,

Create new group by adding new record to res.groups

eg:

<record id="group_new" model="res.groups">    
    <field name="name">Email Notify</field>    
    <field name="comment">Enable/Disable sending mails</field>    
    <field name="category_id" ref="module_category_email_id"/>
</record>

then use that group in your field,

eg,

<field name="Field_Name" groups="your_model.group_new">

then view will not create that element for users which is not in that group. So that is not a view level security. But it will remove your element from view also.

You can use record rules also

<record model="ir.rule" id="ir_custom_access_rule">    
    <field name="name"> Your Custom Access Right</field>    
    <field name="model_id" ref="model_your_model"/>
    <field name="groups"  eval="[ref('your_module.group_new')]"/>    
    <field name="perm_read" eval="True"/>    
    <field name="perm_write" eval="False"/>    
    <field name="perm_unlink" eval="False"/>    
    <field name="perm_create" eval="False"/>
</record>
Avatar
Discard