Purpose of this entry is to explain how to create new access rights groups to determine different access rights profiles for a newly created app (via studio). 

/!\ Warning: When a new app is created via studio, the Group access "Internal User" will automatically have access to the app in "Read". Given this "Internal user" is set for all users of the DB. In case you don't want all user or new users to have access, you should remove the accesses of the new app to the Group "Internal users" so that not everyone can read/writhe/create. 

To do so : [DEBUG] Settings > Users & Companies > Groups > Intenal User ----> Remove the access right via the "bin". 

1. Create the Studio App. 

2. [In debug] Settings > Users & Companies > Groups > Create a new group

Application : Not required - Eventhough we might think that if we set an Application there the access right group will be limited to the app, this is not the case. This actually indicates where the access rights will be selectable in the Settings > access rights. If an app is selected, there will be a reference of the app in the settings and you will be able to select it there. 

e.g. accounting : 

In case it is not set, the access rights will appear as a checkbox at the bottom of the access rights page (settings > users)

Name (mandatory) : Name of the access right group (name of the checkbox to select to grant the access). 

TAB "Users"

- Name : Will allow you to select the users for which the access rights is granted. 

TAB "Menu"

- Add the menu to enable people to actually see the newly created app/model. 

Warning, it is not because you have access to the App (in terms of access rights) that you have a way to get into the app. Reason why you should set the menu.

TAB "Access rights"

- Add a name to the access rights

- Add the actual object for which you would like to give the access right and set the properties ("Read/write/create/delete").

------

As an example : 

I have created a new app for my users which is call "User guides" and where I put all Guide PDF for my new employees (so that they know how to use Odoo/Mailbox/Calendar/Computer etc.).

I will then create two new access rights groups : 

[A] User Guide Admin

Name : User Guide Admin
Menu : User Guides

Access rights : Read/Create/Write/Delete

----> I give this group to the Admin of the DB

[B] User Guide Reader

Name : User Guide reader
Menu : User Guides

Access rights : Read

----> I give this group to all other users of the DB

Based on this, only my User Guide admin will be able to create new guides & put the pdfs of the guides, while other users will only be able to read them. 

As a reminder, the "internal user" (which is applied to ALL users) have the read access (if not removed) so in this case we could have let the access rights to the internal user in case all user should be able to read.