I need some help with Odoo V11. I want to prevent timesheet users from seeing All Timesheets. Only managers should be able to see All Timesheets, but somehow users can also see All Timesheets.
Which record rule and domain should be added/modified?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
1
Reply
3375
Views
Hi Adam:
Modify the account.analytic.line.timesheet.user record rule and enable Apply for Read in addition to the access rights that are already selected.
NOTE: Billing Users/Managers will still be able to see all timesheets.
Thanks Paresh. This worked for hiding the All Timesheets of other users, however, when I now log on from a Timesheet Manager account, I cannot see the timesheets of other users.
I fixed this by going to the Timesheets Users group and removed the account from there, and made sure that the user account is ONLY in the Timesheets Manager group. I wonder why Odoo did not perform this task when the account specified Manager?
Anyway, thanks a lot for your help.
Paresh, I'm trying to understand the Apply for Read Access Rights that I applied and the logic doesn't seem to make sense. The suggestion that you made works! but I'm just trying to understand why enabling Apply for Read caused this behaviour. It seems like Apply for Read should allow for users to read their own timesheets, but it was unchecked before and you could see all users timesheets. Why did applying this disable that? it seems backwards.
"Apply for <operation>" means the condition specified in the record rule should be applied when that particular "operation" is performed on the model. Since the "Apply for Read" checkbox was disabled in the default setting, the record rule was not being applied on "Read" operations on the model which was causing all timesheets to be visible. Enabling it, makes Odoo apply the condition specified in the record rule on Read operations on the model.
Hi Paresh, I have another behaviour related to this that I'm wondering how to correct. When I create a new user, if they are first added as a Timesheet User, they get added to the group Timesheet User. Later if they are changed to Timesheet Manager, they stay in both groups which causes conflicts with the permissions. How can I fix this? I notice that it doesn't happen with other groups so it's either a bug or I broke something with my changes that I implemented last time.
On Sun, Jun 21, 2020 at 4:48 PM Paresh Wagh <pawa2007@outlook.com> wrote:
"Apply for <operation>" means the condition specified in the record rule should be applied when that particular "operation" is performed on the model. Since the "Apply for Read" checkbox was disabled in the default setting, the record rule was not being applied on "Read" operations on the model which was causing all timesheets to be visible. Enabling it, makes Odoo apply the condition specified in the record rule on Read operations on the model.
Timesheet Manager has all the rights of the Timesheet User plus more. That's why when you add someone to the manager group they are automatically added to the user group. Do you have no an example of what you are trying to do?
Yes, I understand that, but when I add them to the Manager group, they remain in the User group, and this creates a conflict as they no longer can view ALL timesheets any more. I then have to remove them from the Users group, while keeping them in the Manager group, so that they can effectively see ALL timesheets.
I assumed that when you switch from User to Manager groups, it would automatically remove you from the previous group. But it Odoo doesn't do this. Any reason why? and is there a remedy for this?
--
Adam Rumjahn
Operations Manager - EMEA
Twente Additive Manufacturing B.V.
Talmaplein 16
Enschede 7523ZA
The Netherlands
phone: +49 304 6403 8403
mobile: +49 176 6701 6284
email: adam@twente-am.com
web: www.twente-am.com
Temporary Address:
c/o Procter Water Utility
8690 Procter East Road.
Procter, British Columbia
CANADA - V0G 1V0
|
Sender notified by Mailtrack 21/09/20, 19:01:32 |
On Mon, Sep 21, 2020 at 6:59 PM Paresh Wagh <pawa2007@outlook.com> wrote:
Odoo uses a layered mechanism for managing security. For example, in the case of timesheets, the Timesheet User group is assigned the basic rights to do timesheet entry. The Timesheet Manager inherits these rights (take a look at the "Inherited" tab in the Timesheet Manager security group) and provides more rights in addition to the ones provided by the Timesheet User group. All the security groups in Odoo are assigned this way.
Hope this helps.
