Odoo Help


How to use access rights and record rules?

René Schuster
on 1/7/14, 7:26 AM 19,231 views

I am currently super confused when handling the permissions for the project module.

At first, some questions:
1. Can Record Rules override Acces Rules?
2. Are Record Rules only used to filter some visible data?
3. Can Record Rules be used to reduce or increase the permissions? or even both? 4. Is there any domain operand to check whether a list conaints an element? (like the opposite of 'in'; e.g. ('member_ids', 'contain', user.id))

What I am trying to do is the following:
My Project module has three groups: User, Accountant, Manager. At the moment, I am only workling on the User group. The project itself has a member list (many2many) and a assigned manager.
I want the permissions this way, that all members of Project/User group can only see (read) the projects in which they are member. Further I want all members of Project/User group, that are manager of a project to be able to read and edit (write) their own projects.

What I have tried that far:
Using an access rule to give the Project/User group read and write access. Creating the following record rules:

<record model="ir.rule" id="project_project_user_rule">
             <field name="name">Project: User is Member</field>
             <field name="model_id" ref="model_project_project"></field>
             <field name="groups" eval="[(4,ref('project.group_project_user'))]"></field>
             <field name="domain_force">[('member_ids', 'in', user.employee_ids[0].id)]</field>
             <field eval="1" name="perm_read"></field>   
             <field eval="0" name="perm_write"></field> 
             <field eval="0" name="perm_unlink"></field>
             <field eval="0" name="perm_create"></field>

     <record model="ir.rule" id="project_project_user_manager_rule">
             <field name="name">Project: User is Manager</field>
             <field name="model_id" ref="model_project_project"></field>
             <field name="groups" eval="[(4,ref('project.group_project_user'))]"></field>
             <field name="domain_force">[('manager_id', '=', user.employee_ids[0].id)]</field>
             <field eval="1" name="perm_write"></field>
             <field eval="1" name="perm_read"></field>
             <field eval="0" name="perm_unlink"></field>
             <field eval="0" name="perm_create"></field>

The result is some how mysterious for me.
The project list view shows only the project in which the current user is member or manager (that's what i want!).
Projects in which the user is manager are accessable and editable (that's what i want too!)
Projects in which the user is member are not accessable (Access denied error). (that's not what i want, and confusing, since the record rule domain seems to work in the list view).

EDIT: Gathering more information, I've tried the following domains:

             [('member_ids', '=', user.employee_ids[0].id)]
             [('member_ids.user_id', '=', user.id)]

But for both, the issue remains the same..

Mind And Go
On 5/14/14, 4:56 PM


  1. Access rules are per Model access rules and record rules are per Record rules so they can't override the first rule.
  2. I think so
  3. Indirectly it could as you could allow people to see datas that is not natively supposed to be displayed. It's a kind of reduc/increase permission
    1. There is no such an inverse operand but solutions exists check below

Multiple answer for your right access :

  1. For letting the manager read their own project, a simple
    [('user_id','=', user.id)]
    should help because project inherits from account.analytic.account and the project manager is the anlytic one.
  2. For the many2many field Maybe you could try something like this, create another many2many field in the res.users object, call it projects_ids then you'll be able to do something like this :
    [('id','in', [ p.id for p from user.project_ids ])]

Hope it could help




About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

6 follower(s)


Asked: 1/7/14, 7:26 AM
Seen: 19231 times
Last updated: 4/12/18, 1:58 AM