When you remove write/create access from a user group, they are supposed to not be able to create a new customers. This is not really the case. On many forms where there is a "Customer" field, there is still presented the option to "Create Customer." As far as I'm concerned, this option should never be present if the user does not have the access right.
To duplicate,: 1) Create a user with no right to create partners 2) Create a lead 3) Under customer, enter any non-customer name 4) See "Create Customer" option <- Problem area 1 5) Make sure you clear the customer field 6) Save the lead 7) Click convert to opportunity button 8) Under Related Customer, see the dropdown to "Create a new customer <-Problem area 2
Those are major bugs to the partner creation access rights. Every user, no matter what still has these options. I have altered EVERY SINGLE group and under res.partner EVERY SINGLE ONE has only read access. These options still remain.
This is related to the serial number access rights as well as I noted here: https://accounts.openerp.com/forum/Help-1/question/40808/ (Still no response on that one.)
[EDIT: ANy update to this issue?]
Cricket...cricket....cricket....looking at you OpenERP staff...
So... even if your "Create" is enabled, did you tried saving this new value on the Db? This must create an error.
@Grover What do you mean Create enabled? I have disabled Create because I do not want the users to create. They still get the option to Create even when it is disabled.
Ok, I'm not sure about it. But did you tried if it saves when a user doesn't have permission for creation? Because as I know the creation permission prevents user to create a new registry, but this is when you click "Save"
Yes, this is true. It will prevent creation with an error on save. The options, though, are still available. The user should not be able to click the Create button, see the form, enter the values, then click save and get an error. When is this a good design choice? When the permission is not available, the option to Create (the button) should not be visible to the user. I get calls about this because they think there is just an error not letting them save. I have to tell them again and again they don't have permission. These are end-users. These are not developers and you have to hold their hands. These kinds of options are confusing to them.