i had created a user and mapped to two different groups with two different access rights.
For one group pnly read access and another group both read and write access
It is talking the highest access rights (read and write) but i want to know how it is taking the highest access rights (and i want to the architecture behind that)
Group security rights "Add" permissions.
Edit: When for a certain model, groupA adds read access and groupB adds write access, a user in both groupA and groupB will have both read and write access. If in doubt, check: https://github.com/odoo/odoo/blob/master/openerp/addons/base/ir/ir_model.py#L704
If you want a security rule to remove a certain permissions, look at the record rules:
Global rules (non group-specific) are restrictions, and cannot be bypassed. Group-local rules grant additional permissions, but are constrained within the bounds of global ones. The first group rules restrict further than global rules, but any additional group rule will add more permissions
1. Global rules are combined together with a logical AND operator, and with the result of the following steps
2. Group-specific rules are combined together with a logical OR operator
3. If user belongs to several groups, the results from step 2 are combined with logical OR operator
Example: GLOBAL_RULE_1 AND GLOBAL_RULE_2 AND ( (GROUP_A_RULE_1 OR GROUP_A_RULE_2) OR (GROUP_B_RULE_1 OR GROUP_B_RULE_2) )
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 5/22/14, 8:46 AM|
|Seen: 1452 times|
|Last updated: 3/16/15, 8:10 AM|