Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

0

Invite new users

By
Sami Mattila
on 10/15/15, 7:29 AM 938 views

Brand new Odoo 9 installation (in Ubuntu 14.04). Success

Installed all 31 Apps. Success

Defined email settings. Success

Enabled Google login in Settings. Success

Enabled multiple companies in Settings. Success

Sent (email) invitation to first new user using admin account. Success

Logged in using the new user account (that's supposed to be a clone of admin account.) Success

Checked the new user account security settings (they are the same as admin's.) Success


Here comes the problem. The new user (that is supposed to have exact same security settings that admin has) can't send an invitation.

I have triple checked all the Security settings using Developer mode and they are exactly the same.

What am I missing?

Did the user cloning process fail?


Here is the exact error message...

Odoo Warning - Access Error
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: mail.message, Operation: read)


Sam

As only users in Administrator group (ie. Technical Managers) can access Settings page it would be logical that they can send invitations from there by default.

Sami Mattila
on 10/15/15, 10:33 AM

This did not help. http://dl.dropbox.com/u/49702772/Selection_062.jpg

Sami Mattila
on 10/15/15, 11:00 AM

These are the default settings for Administrator... http://dl.dropbox.com/u/49702772/Selection_064.jpg

Sami Mattila
on 10/16/15, 6:52 AM
0

Pawan

--Pawan--
1267
| 4 3 5
Hyderabad, India
--Pawan--


Pawan
On 10/16/15, 1:47 AM

Sam,

Please check at Access rules(Settings->Technical -> Security -> Record Rules) for object mail.message, which is blocking the read access for your user(trying making it inactive for testing your functionality).

Regards,

Pawan    

http://dl.dropbox.com/u/49702772/Selection_062.jpg

Sami Mattila
on 10/16/15, 6:36 AM

I added those full permissions for Administrator group but that did not help. I'm not sure if it's a good idea to have everyone full access.

Sami Mattila
on 10/16/15, 6:38 AM

Sami, this type of error correspond to Access rules, For ex: There is a access rule defined on mail.message object with domain(filter) that logged in user can access only those messages which are create by him, so domain would be like [('create_uid','=',user.id)] and we can define operatons(CRUD) to be applied on this domain filter. Suppose we have defined all four (Read/Write/Delete/Create) rights, Now if anyhow user tries to Read/Write/Delete/Create any message which is not created by him, he will get exactly the same message as u got :
Odoo Warning - Access Error
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: mail.message, Operation: read)
So, at your access rule(defined path above) please check for any such rules existance. and try disabling it.

Pawan
on 10/19/15, 1:10 AM

It seems that even though I have added Administrator group full permissions to mail.message.all the default mail.message.all without any group defined over-rules the administrator groups rule. Or maybe it's the "Outgoing Mails" rule that needs to be changed/added? What would be the result if I added full rights to the default/non-group settings?

Sami Mattila
on 10/19/15, 3:53 AM
0

Temur

--Temur--
2894
| 6 5 7
Tbilisi, Georgia
--Temur--
Programmer
Temur
On 10/15/15, 8:11 AM

There is many times used in Odoo code check of SUPERUSER_ID (which is 1) as a security measure. it means only one user can be a SUPERUSER, which is the user with the same ID as SUPERUSER_ID constant (i.e. one), as a result of such check, user with database ID  different then 1, will be limited in some way or another, compared to superuser (user with database id=1). AND as database ID is unique for every record, you can't have more then one superuser, but you can have several admins (slightly limited then superuser, as an user copied by you, that has different ID then 1). However, I've to include disclaimer, I never checked if the above statement about unique superuser is true or not, it's just a guess that comes from frequently used SUPERUSER_ID check in the code, but most probably it's the case.
Other hand, you can overcome the above error, by using sudo() function (scroll up a bit) in the code, thus enable other users to make same operation with superuser privileges(in better case, you should replace security measure with other security rules, instead of simply avoiding it with sudo function). so you can overcome the above error with a small customization of python code for failing operation.

Thank you for your response, Temur. Your solution seems overly complex to allow admin user to send email invitation.

Sami Mattila
on 10/15/15, 8:26 AM

Actually I was focused on explaining that this is an expected behavior, and I answered the two questions in your post... I'll summarize my answer as: cloning process does not fail, but that's possibly an expected behavior. regarding your error message, it should be a solution to edit permissions on mail.message model from settings and allow your cloned user to read this model. you tried it? or checked if it was allowed to read mail.message model?

Temur
on 10/15/15, 8:33 AM

I think it can be solved by editing permissions of "mail.message" model at "/Settings/Technical/Database Structure/Models" page

Temur
on 10/15/15, 8:43 AM

And there should be more options to give this user read/write access to mail.message model at Settings page. As I explained, it's quite possible that firs user has permission because of it's id, but you can enable the copied user as well to have access to mail.message, by explicitly granting such permission to it's own group or to it, etc... there should be multiple solutions

Temur
on 10/15/15, 9:03 AM

Administrator group all ready has full rights to mail.message model. There should be no need to edit it or Administrator group.

Sami Mattila
on 10/15/15, 9:46 AM

... Can you update your question with full error message?

Temur
on 10/15/15, 9:48 AM

Here is the exact error message... Odoo Warning - Access Error The requested operation cannot be completed due to security restrictions. Please contact your system administrator. (Document type: mail.message, Operation: read)

Sami Mattila
on 10/15/15, 10:58 AM
0
Sami Mattila
On 10/15/15, 8:19 AM

Thank you for your response, Temur.

Your solution seems overly complex to allow admin user to send email invitation.


Sam

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 10/15/15, 7:29 AM
Seen: 938 times
Last updated: 10/16/15, 6:52 AM