This question has been flagged
3 Replies
4073 Views
expenses
Avatar
Johan Henes

Hi !

In Odoo 10 we have two companies (One sub company of the other) where users in the "mother company" can post expenses very well, but users of the "daughter" get the following error :

--

Odoo Warning - Access Error

The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: hr.department, Operation: read)

--

The users have access right for both companies, and if the users of the daughter company post an expense when logged in to the mother company - the expenses can be posted just fine - but as they are employees of the daughter - this is strictly not possible as we would like the expenses to be posted in the correct company.


Users are correctly configured in HR-settings (Related user and Company) and we have tried all types of access right to the expenses app (Officer / Manager) in the System settings / User...

Any ideas what might be wrong much appreciated ... 

Avatar
Discard
Avatar
Thijs van Oers
Best Answer

Hi, I am not sure if you still have this problem, but I have the same issues in a odoo 11 MC environment. We do not use the mother parent configuration, but we do have managers who can access in (6) different companies.

The problem occurs for us when a manager 'A' logs out in company 1, where the employer of company 2  (Manager 'A' is his/hers manager) tries to validate an expensesheet in company 2. The restriction occurs at that moment. Is the manager logged in in company 2, then we do not have the problem. somehow the latest users company log-in is 'remembered' by Odoo.

What you could do is to dubbelcheck if all your related fields on the employer record are belonging to the corrrect complany. this includes department, working schedule, work address, privat address, debit/crdit account on the related partner field. All these fields should be unique per company.

Cheers

Thijs van Oers

Onestein,

Avatar
Discard
Avatar
Benjamin
Best Answer

@Thijs van Oers I have the exact same issue on Odoo 10 CE for our employees, however my user does not have it which is weird. Any workaround ?
Thank you,

Benjamin

Avatar
Discard
Avatar
Sehrish
Best Answer

The most significant area in Odoo/OpenERP is how to deal or manage users. Managing users and assigning groups or role is the key point in every business. In Odoo/OpenERP assigning role or group to the single user is made through Administrator. And its not a good practice to do so using login through admin and do some setting stuff like assigning groups to employee or users.

If you let users change their role (in dot NET applications) or groups (mostly used in ERP Systems) them selves, than you will no direct control over your system. You should have some policy to try to maintain a level of security.

Why we need role or groups?

The answer is you need to put everything significant to your business. As you have seen that their are couple of things in an ERP system which you don't want to show every user, most of your staff members needs to see only part of the given system. That's why we need groups or user role that will be assigned to each user. In Odoo/ERP the management of users is very flexible, and each user can belong to one or more groups.

To manage users and configure access rights you should start by defining the groups.

How to create / define groups : http://learnopenerp.blogspot.com/2018/01/groups-and-access-rights-in-odoo.html

Avatar
Discard