I would like to allow certain admin users to create users, but these users should not be able to grant or edit specific access rights. Ie they cannot create a user with Administration: Technical Settings. I would like to set it so that users can't assign anything to the Administration permission. Are things like that possible?
Yes it is. But you need to fine tune the ACL and Record Rules (it is not just one click away).
- Create a group that have access to Create, Update, and Read (you can add Delete, but I won't advise it) res.users. To create the group use Settings >> Users >> Groups menu. To provide access, use Settings >> Technical >> Security >> Access Control List
- For that group, create Record Rules (Settings >> Technical >> Security >> Record Rules) for res.groups model so that it cannot read Groups that has category_id of Technical Settings (you need the Database ID or XML ID of this category first to create the Record Rules).
- Create a user with that group. This user will be able to create another user, but since s/he cannot read certain groups, s/he cannot assign those groups to the new user.
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 12/8/14, 5:54 PM|
|Seen: 649 times|
|Last updated: 3/16/15, 8:10 AM|