
Hello there,

We are in Odoo 10 community.

I have a user who is only an employee. In his settings, this is his only group:


Once the user is logged in, in Timesheets/Detailed activities, he can change the project and/or task EVEN FOR OTHER USERS.


Is this normal? Shouldn't he be able to change only his own projects and tasks?

Thanks for your comments


EDIT #1

In the menu Timesheets/My current Timesheet, the employee can also create a new timesheet for another employee... Is this normal?

Best Answer

The group "Human Resources / Employees" has too many access rights. But as Odoo stated, the default access rights are meant to be a help for setting up the system, not a configuration.

Author

Thanks for your answer.

Author Best Answer

I forgot to post my new lines, so here they are. There may be errors, but it should help.

If I remember well, these are the right lines.


<?xml version="1.0" encoding="utf-8"?>
<odoo>
 <data noupdate="0">
 <!-- Basic users/employees can only view their own timesheets
      (or sheets with no employee set). -->
 <record id="timesheet_users" model="ir.rule">
     <field name="name">Allow users to view only their own timesheets</field>
     <field name="model_id" ref="hr_timesheet_sheet.model_hr_timesheet_sheet_sheet" />
     <field name="groups" eval="[(4, ref('base.group_user'))]" />
     <field name="domain_force">['|',('employee_id.user_id','=',user.id),('employee_id','=',False)]</field>
     <field name="perm_read" eval="True" />
     <field name="perm_write" eval="True" />
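     <!-- perm_* flags select the operations this rule applies to;
          with perm_unlink False it does not filter deletions. -->
     <field name="perm_unlink" eval="False" />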
     <field name="perm_create" eval="True" />
 </record>
 <!-- Basic users are limited to analytic (timesheet) lines they own. -->
 <record id="account_analytic_line_users" model="ir.rule">
     <field name="name">Allow users to view only their own analytic account lines</field>
     <field name="model_id" ref="analytic.model_account_analytic_line" />
     <field name="groups" eval="[(4, ref('base.group_user'))]" />
     <field name="domain_force">[('user_id','=',user.id)]</field>
     <field name="perm_read" eval="True" />
     <field name="perm_write" eval="True" />
     <field name="perm_unlink" eval="True" />
     <field name="perm_create" eval="True" />
 </record>
 <!-- HR managers ("Gestionnaire") get an unrestricted domain on analytic lines. -->
 <record id="account_analytic_line_users_2" model="ir.rule">
     <field name="name">Allow Gestionnaire to view all analytic account lines</field>
     <field name="model_id" ref="analytic.model_account_analytic_line" />
     <field name="groups" eval="[(4, ref('hr.group_hr_manager'))]" />
     <field name="domain_force">[]</field>
     <field name="perm_read" eval="True" />
     <field name="perm_write" eval="True" />
     <field name="perm_unlink" eval="True" />
     <field name="perm_create" eval="True" />
 </record>
 </data>
</odoo>


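How Odoo applies rules like the ones posted above, as an added example that is not part of the original post or Odoo's own code: a simplified Python model in which the group rules a user matches are OR-ed together and a rule is consulted only for operations whose perm_* flag is True. The `allowed` and `audit` helpers, the user ids, the sample records and the manager's group membership are constructed for illustration; ACLs (ir.model.access) and global rules are not modelled.

```python
# Simplified model of Odoo's group-specific record rules (ir.rule).
# Assumptions: domains become Python predicates; ACLs and global rules are left out.
RULES = [  # constructed to mirror the three <record> elements posted above
    {"model": "hr_timesheet_sheet.sheet", "group": "base.group_user",
     "ops": {"read", "write", "create"},  # perm_unlink is False
     "match": lambda rec, uid: rec["employee"] is None
                               or rec["employee"]["user_id"] == uid},
    {"model": "account.analytic.line", "group": "base.group_user",
     "ops": {"read", "write", "create", "unlink"},
     "match": lambda rec, uid: rec["user_id"] == uid},
    {"model": "account.analytic.line", "group": "hr.group_hr_manager",
     "ops": {"read", "write", "create", "unlink"},
     "match": lambda rec, uid: True},  # domain_force [] matches every record
]

def allowed(model, op, record, uid, groups):
    """Return True when the record rules let uid perform op on record."""
    applicable = [r for r in RULES
                  if r["model"] == model and op in r["ops"] and r["group"] in groups]
    if not applicable:
        return True  # no rule covers this operation; only ACLs would restrict it
    return any(r["match"](record, uid) for r in applicable)  # group rules are OR-ed

# Constructed sample users (uid, groups) and records owned by another user (uid 8).
EMPLOYEE = (7, {"base.group_user"})
MANAGER = (2, {"base.group_user", "hr.group_hr_manager"})
OTHER_LINE = {"user_id": 8}
OTHER_SHEET = {"employee": {"user_id": 8}}

def audit():
    """Checks worth repeating against a real database after loading the rules."""
    line, sheet = "account.analytic.line", "hr_timesheet_sheet.sheet"
    return {
        "employee edits another user's line": allowed(line, "write", OTHER_LINE, *EMPLOYEE),
        "employee edits own line": allowed(line, "write", {"user_id": 7}, *EMPLOYEE),
        "manager edits another user's line": allowed(line, "write", OTHER_LINE, *MANAGER),
        "employee edits another user's sheet": allowed(sheet, "write", OTHER_SHEET, *EMPLOYEE),
        "employee deletes another user's sheet": allowed(sheet, "unlink", OTHER_SHEET, *EMPLOYEE),
    }

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {'allowed by rules' if result else 'blocked by rules'}")
```

The last check comes back as allowed because the timesheet rule is skipped for deletions, so whether an employee can delete another user's sheet is decided by the model's ACL alone.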