You can add a line in the ir.model.access.csv of the concerned module like that :
id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
access_hr_th_group_thw_emp hr.th.employee_id hr.model_hr_th group_thw_emp 1 0 0 0
I'm not sure about my line cause i don't know your groups and module, but you can inspire yourself with any ir.model.access.csv on the base code.
EDIT :
Here some links about ir_model_access :
https://accounts.openerp.com/forum/Help-1/question/12430
In this link you can read :
For :
id name model_id/id group_id/id perm_read perm_write
perm_create perm_unlink
model_bpl_worker_manager bpl_worker model_bpl_worker
group_checkroll_manager 1 1 1 1
- id = unique identify for the permission (Example: MY_MODULE_res_partner_manager)
- name = unique name for the permission (Example: res_partner manager)
- model_id/id = the model unique name of the class you want apply permission on (Example model_res_partner)
- group_id/id = group permission apply on (yopu can define it in xml group file or call an existing group with syntax module.group_id)
- perm_read,perm_write,perm_create,perm_unlink = the 4 values for the relative permission to read, write,create,unlink record on defined class. 1 is True (you can do this action) and 0 is Faslse (you can't)
A simple way to understand this file is to read an existing csv in some OpenERP base module like sale, account, product, etc...
Some useful link: http://www.zbeanztech.com/blog/security-openerp
I can give you others links likes :
http://forum.openerp.com/forum/topic16596.html
http://stackoverflow.com/questions/15966676/openerp-7-access-rights-for-user-roles