Help

0

Odoo 11 - Prevent timesheet users from seeing All Timesheets

 I need some help with Odoo V11. I want to prevent timesheet users from seeing All Timesheets. Only managers should be able to see All Timesheets, but somehow users can also see All Timesheets.


Which record rule and domain should be added/modified?

Avatar
Discard
1 Answer
1
Avatar
Paresh Wagh
Best Answer

Hi Adam:

Modify the account.analytic.line.timesheet.user record rule and enable Apply for Read in addition to the access rights that are already selected. 

NOTE: Billing Users/Managers will still be able to see all timesheets.


7 Comments
Avatar
Discard

Thanks Paresh. This worked for hiding the All Timesheets of other users, however, when I now log on from a Timesheet Manager account, I cannot see the timesheets of other users.

I fixed this by going to the Timesheets Users group and removed the account from there, and made sure that the user account is ONLY in the Timesheets Manager group. I wonder why Odoo did not perform this task when the account specified Manager?

Anyway, thanks a lot for your help.

Paresh, I'm trying to understand the Apply for Read Access Rights that I applied and the logic doesn't seem to make sense. The suggestion that you made works! but I'm just trying to understand why enabling Apply for Read caused this behaviour. It seems like Apply for Read should allow for users to read their own timesheets, but it was unchecked before and you could see all users timesheets. Why did applying this disable that? it seems backwards.

Avatar
Paresh Wagh
-

"Apply for <operation>" means the condition specified in the record rule should be applied when that particular "operation" is performed on the model. Since the "Apply for Read" checkbox was disabled in the default setting, the record rule was not being applied on "Read" operations on the model which was causing all timesheets to be visible. Enabling it, makes Odoo apply the condition specified in the record rule on Read operations on the model.

Avatar
Adam Abraham Rumjahn
-
Hi Paresh, I have another behaviour related to this that I'm wondering how to correct.  When I create a new user, if they are first added as a Timesheet User, they get added to the group Timesheet User.  Later if they are changed to Timesheet Manager, they stay in both groups which causes conflicts with the permissions.  How can I fix this? I notice that it doesn't happen with other groups so it's either a bug or I broke something with my changes that I implemented last time.

On Sun, Jun 21, 2020 at 4:48 PM Paresh Wagh <pawa2007@outlook.com> wrote:

"Apply for <operation>" means the condition specified in the record rule should be applied when that particular "operation" is performed on the model. Since the "Apply for Read" checkbox was disabled in the default setting, the record rule was not being applied on "Read" operations on the model which was causing all timesheets to be visible. Enabling it, makes Odoo apply the condition specified in the record rule on Read operations on the model.

Sent by Odoo S.A. using Odoo.

Avatar
Paresh Wagh
-

Timesheet Manager has all the rights of the Timesheet User plus more. That's why when you add someone to the manager group they are automatically added to the user group. Do you have no an example of what you are trying to do?

Avatar
Adam Abraham Rumjahn
-
Yes, I understand that, but when I add them to the Manager group, they remain in the User group, and this creates a conflict as they no longer can view ALL timesheets any more.  I then have to remove them from the Users group, while keeping them in the Manager group, so that they can effectively see ALL timesheets.  

I assumed that when you switch from User to Manager groups, it would automatically remove you from the previous group.  But it Odoo doesn't do this.  Any reason why? and is there a remedy for this?

--

Adam Rumjahn

Operations Manager - EMEA


Twente Additive Manufacturing B.V.

Talmaplein 16

Enschede 7523ZA

The Netherlands

phone: +49 304 6403 8403 

mobile: +49 176 6701 6284

email: adam@twente-am.com

web: www.twente-am.com


Temporary Address:

c/o Procter Water Utility

8690 Procter East Road.

Procter, British Columbia

CANADA - V0G 1V0


Mailtrack Sender notified by
Mailtrack 21/09/20, 19:01:32

On Mon, Sep 21, 2020 at 6:59 PM Paresh Wagh <pawa2007@outlook.com> wrote:

Timesheet Manager has all the rights of the Timesheet User plus more. That's why when you add someone to the manager group they are automatically added to the user group. Do you have no an example of what you are trying to do?

Sent by Odoo S.A. using Odoo.

Avatar
Paresh Wagh
-

Odoo uses a layered mechanism for managing security. For example, in the case of timesheets, the Timesheet User group is assigned the basic rights to do timesheet entry. The Timesheet Manager inherits these rights (take a look at the "Inherited" tab in the Timesheet Manager security group) and provides more rights in addition to the ones provided by the Timesheet User group. All the security groups in Odoo are assigned this way.

Hope this helps.