Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

0

How to make a field read-only based on group

By
Peter Nietz
on 2/16/16, 5:51 AM 692 views

As far as I can see the access control in Odoo seems to work on record level (perm_create, perm_read, perm_write and perm_unlink). This is fine for most access control tasks.

However in my module I need access control on field level. The record shall be writeable for the user, i.e. the user must have perm_write on the record, but some fields shall be read-only for him.

How can this be achieved?

1

Ahmed M.Elmubarak

--Ahmed M.Elmubarak--
2988
| 5 3 5
Sudan
--Ahmed M.Elmubarak--


Ahmed M.Elmubarak
On 2/16/16, 6:04 AM

Many thanks for your answer. This sounds like a surprising, but legitimate approach. My only concern is: How secure is this approach? As far as I understand the record level security is strictly enforced by the ORM, hence very secure. Now this approach works on view level, which sounds inherently less secure to me. Or am I overanxious here?

Peter Nietz
on 2/16/16, 8:21 AM
0
SanathT
On 2/23/16, 6:30 AM

Hi,

Create new group by adding new record to res.groups

eg:

<record id="group_new" model="res.groups">    
    <field name="name">Email Notify</field>
    <field name="comment">Enable/Disable sending mails</field>
    <field name="category_id" ref="module_category_email_id"/>
</record>

then use that group in your field,

eg,

<field name="Field_Name" groups="your_model.group_new">

then view will not create that element for users which is not in that group. So that is not a view level security. But it will remove your element from view also.

You can use record rules also

<record model="ir.rule" id="ir_custom_access_rule">    
    <field name="name"> Your Custom Access Right</field>
    <field name="model_id" ref="model_your_model"/>
    <field name="groups" eval="[ref('your_module.group_new')]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_unlink" eval="False"/>
    <field name="perm_create" eval="False"/>
</record>

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 2/16/16, 5:51 AM
Seen: 692 times
Last updated: 2/23/16, 6:30 AM