Odoo Help


How can I achieve field level access restriction based on logged in user and user group?

on 3/5/15, 3:56 AM 610 views

Hello everyone 
I am currently working in “hr” module customization. The requirement is to  give access rights to curtain fields based on the logged in user group (Employee and Colleague). According to the context of my requirement “Employee” access is the freedom to edit his own profile, while “Colleague”  can only read other employees profile. When a employee login to system he becomes an employee in his own profile and a colleague when checking other employees profile . Below is my code Below is my code 

_defaults= {

        'uid': lambda obj, cr, uid, context:uid

<record id="my_employee_group" model="res.groups">
    <field name="name">My Employee</field>
    <field name="comment">My Employee Permission Group.</field>
    <field name="category_id" ref="my_module.module_category_hr"/>

<record id="hr_form_employee_view" model="ir.ui.view">
    <field name="name">custom_hr_employee_form</field>
    <field name="model">hr.employee</field>
    <field name="inherit_id" ref="my_module.view_employee_form"/>
    <field name="groups_id" eval="[(6, 0, [ref('my_module.my_employee_group') ])]"/>
    <field name="type">form</field>
    <field name="arch" type="xml">
        <field name='name' position="attributes">
            <attribute name="attrs">{'readonly':[('user_id','!=','uid')]}</attribute>

The problem I am facing currently is that an employee can edit his name and his colleague’s name.
How can I achieve this requirement. 
Any help is greatly appreciated.

On 3/5/15, 5:13 AM

In ir.model.access.csv:
my_access_hr_employee_user,hr.employee user_my_group,hr.model_hr_employee,my_group,1,1,0,0

In security.xml:

    <record model="ir.rule" id="my_group_edit_self">
        <field name="name">User can edit only themselves</field>
        <field name="model_id" search="[('model','=','hr.employee')]" model="ir.model"/>
        <field name="domain_force">[('login', '!=', user.id)]</field>
        <field name="groups" eval="[(4,ref('my_group'))]"/>
        <field name="perm_write" eval="0"/>
        <field name="perm_unlink" eval="0"/>
        <field name="perm_create" eval="0"/>
        <field name="perm_read" eval="1"/>


Techno-Functional Associate with 6+ years of experience in Odoo (formerly known as OpenERP).

On 3/5/15, 4:55 AM

Try ORM method called "check_access_rights", in this you can control whether to give access to edit such records or not..

check_access_rights(cr, uid, 'create', raise_exception=False)

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 3/5/15, 3:56 AM
Seen: 610 times
Last updated: 3/16/15, 8:10 AM