I would like to allow certain admin users to create users, but these users should not be able to grant or edit specific access rights. Ie they cannot create a user with Administration: Technical Settings. I would like to set it so that users can't assign anything to the Administration permission. Are things like that possible?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
1
Reply
3714
Views
Yes it is. But you need to fine tune the ACL and Record Rules (it is not just one click away).
- Create a group that have access to Create, Update, and Read (you can add Delete, but I won't advise it) res.users. To create the group use Settings >> Users >> Groups menu. To provide access, use Settings >> Technical >> Security >> Access Control List
- For that group, create Record Rules (Settings >> Technical >> Security >> Record Rules) for res.groups model so that it cannot read Groups that has category_id of Technical Settings (you need the Database ID or XML ID of this category first to create the Record Rules).
- Create a user with that group. This user will be able to create another user, but since s/he cannot read certain groups, s/he cannot assign those groups to the new user.