
As far as I can see the access control in Odoo seems to work on record level (perm_create, perm_read, perm_write and perm_unlink). This is fine for most access control tasks.

However in my module I need access control on field level. The record shall be writeable for the user, i.e. the user must have perm_write on the record, but some fields shall be read-only for him.

How can this be achieved?

Best Answer

Hello,

You can do this by inheriting the view for a specific group ...

Kindly check these questions:

https://www.odoo.com/es_ES/forum/ayuda-1/question/make-field-readonly-based-on-group-58921

http://stackoverflow.com/questions/18912997/how-to-make-field-readonly-based-on-group-and-status


Author

Many thanks for your answer. This sounds like a surprising, but legitimate approach. My only concern is: How secure is this approach? As far as I understand the record level security is strictly enforced by the ORM, hence very secure. Now this approach works on view level, which sounds inherently less secure to me. Or am I overanxious here?

Best Answer

Hi,

Create a new group by adding a new record to res.groups,

e.g.:

<record id="group_new" model="res.groups">
    <field name="name">Email Notify</field>
    <field name="comment">Enable/Disable sending mails</field>
    <field name="category_id" ref="module_category_email_id"/>
</record>

Then use that group in your field,

e.g.:

<field name="Field_Name" groups="your_module.group_new"/>

Then the view will not create that element for users who are not in that group. So that is not view-level security. But it will also remove your element from the view.

You can also use record rules:

<record model="ir.rule" id="ir_custom_access_rule">
    <field name="name">Your Custom Access Right</field>
    <field name="model_id" ref="model_your_model"/>
    <field name="groups" eval="[ref('your_module.group_new')]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="perm_create" eval="False"/>
</record>
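
For the concern raised above about view-level restrictions, an added example (not from any of the posts and not Odoo's own code): a `readonly` attribute set in a view is applied by the web client, so it does not constrain `write()` calls made over RPC. The override below checks protected fields on the server; the model `your.model`, the group `your_module.group_manager` and the field names are hypothetical.

```python
# Added example: server-side enforcement of per-field write restrictions.
# Hypothetical names: your.model, your_module.group_manager, price, state.
try:
    from odoo import models, _
    from odoo.exceptions import AccessError
except ImportError:  # outside an Odoo server only the helper below is usable
    models = None

# field name -> XML id of the group allowed to write it (constructed sample)
PROTECTED_FIELDS = {
    "price": "your_module.group_manager",
    "state": "your_module.group_manager",
}


def denied_fields(vals, has_group, protected=PROTECTED_FIELDS):
    """Return the sorted protected fields in vals the caller may not write.

    has_group is a callable taking a group XML id and returning a bool,
    for example self.env.user.has_group inside a model method.
    """
    return sorted(
        name for name, group in protected.items()
        if name in vals and not has_group(group)
    )


if models is not None:
    class YourModel(models.Model):
        _inherit = "your.model"

        def write(self, vals):
            # Runs for every write, including RPC calls that never load a view.
            # env.su (superuser mode) is assumed available: Odoo 13 and later.
            if not self.env.su:
                denied = denied_fields(vals, self.env.user.has_group)
                if denied:
                    raise AccessError(
                        _("You may not modify: %s") % ", ".join(denied))
            return super().write(vals)
```

Values set at record creation go through `create()`, which needs the same check if the protected fields must not be set there either.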