Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

3

Administration, "settings" and "access rights"

By
Acar Nila
on 3/20/13, 11:58 PM 15,757 views

What is the difference of using 2 kind of setting from this menu :

Settings/Users/Users ---> click a user ---> edit ---> Access Rights Tab --> Administration.

There is 2 option : Settings & Access Rights.

When we choose "Settings" and when we choose "Access Rights" ?

3

Ray Carnes

--Ray Carnes--
15677
| 9 7 9
Greater Los Angeles, United States
--Ray Carnes--

Senior Odoo Analyst

OpenERP 6.1, 7.0 and Odoo 8.0, 9.0 (Since 2012)

Completed Functional and Technical Training.

Major Skills:

  • Needs Discovery and Requirements Analysis;

  • Function and Technical Specifications;

  • Project Planning;

  • Prototyping and Proof of concepts;

  • Data migration;

  • Configuration & Customization (UI and modules);

  • Integration - data, business logic and service levels;

  • Training and Knowledge transfer;

  • Go Live support;

  • Help desk;

  • Version Migration.

I have over 20 years of experience empowering and enabling users with enterprise information systems that make a real and measurable difference in their ability to proactively manage their businesses and organizations. 

Ray Carnes
On 3/21/13, 12:28 AM

To see the exact difference, you can review the Groups Administration / Access Rights and Administration / Settings from the menu sequence:

Settings -> Users - Groups

Look at the Access Rights tab to see the models/objects that each group is allowed to read, write, create and delete.

But mainly, the Access Rights Group allows members of the group to manage the permissions of other user accounts and the Settings Group allows members of the group to manage all of the configuration options of the system.

What's the point? A member of 'Access Rights' can add 'Settings' group to himself!

Mustafa Rawi
on 12/7/13, 5:22 PM
2
Nigel
On 5/27/14, 11:57 AM

The reasoning is the difference between HR and IT admin, both have/need the ability to create the other type of user but they do not actually want the access. If you are interested in restricting the users, you would create a group with the appropreate permissions. Or just set the user permissions every time.

1
Hiro Kobayashi
On 5/27/14, 8:00 AM

As Mustafa Rawi has pointed out, a member of 'Access Rights' can actually create a new user with the 'Settings' permissions or add himself to the 'Settings' group by activating 'Technical Features' for their account - after activating 'Technical Features' they have access to the 'Groups' navigation point. Funnily enough, if they're in the 'Access Rights' groups, they can't simply edit their own user through the normal Edit User Form and select 'Settings' from the 'Administration' drop down. So the workaround of activating 'Technical Features' has to be used.

I don't get why there is a distinction between the two groups. Maybe this has historical reasons. From a security point of view, treat users from the group 'Access Rights' as having the extended 'Settings' permissions. They're basically super users.

Edit: Actually, it looks like if a user is in any group that has full CRUD permissions for res.users, they can create a new user with elevated group permissions ('Technical Features', 'Settings).

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

5 follower(s)

Stats

Asked: 3/20/13, 11:58 PM
Seen: 15757 times
Last updated: 9/30/16, 3:24 PM