
I had created a user and mapped it to two different groups with two different access rights.

For one group only read access, and for another group both read and write access.

It is taking the highest access rights (read and write), but I want to know how it is taking the highest access rights (and I want to know the architecture behind that).

Best Answer

Hi,

Group security rights "add" permissions.

Edit: When, for a certain model, groupA adds read access and groupB adds write access, a user in both groupA and groupB will have both read and write access. If in doubt, check: https://github.com/odoo/odoo/blob/master/openerp/addons/base/ir/ir_model.py#L704

If you want a security rule to remove certain permissions, look at the record rules:

Global rules (non group-specific) are restrictions, and cannot be bypassed. Group-local rules grant additional permissions, but are constrained within the bounds of global ones. The first group rules restrict further than global rules, but any additional group rule will add more permissions.

Detailed algorithm:

1. Global rules are combined together with a logical AND operator, and with the result of the following steps.

2. Group-specific rules are combined together with a logical OR operator.

3. If the user belongs to several groups, the results from step 2 are combined with a logical OR operator.

Example: GLOBAL_RULE_1 AND GLOBAL_RULE_2 AND ( (GROUP_A_RULE_1 OR GROUP_A_RULE_2) OR (GROUP_B_RULE_1 OR GROUP_B_RULE_2) )

Regards,

Jos
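
The combination logic described in the answer above, as an added Python example that is not part of the original post and is not Odoo's own code. The `Acl` and `Rule` structures, the group names and the sample rules are hypothetical, plain predicates stand in for rule domains, and the handling of a user with no applicable group rule is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Acl:
    """Model-level access right granted to one group (hypothetical structure)."""
    group: str
    model: str
    perms: frozenset  # subset of {"read", "write", "create", "unlink"}

@dataclass(frozen=True)
class Rule:
    """Record rule; group=None marks a global rule (hypothetical structure)."""
    name: str
    group: Optional[str]
    test: Callable[[dict], bool]  # stands in for the rule's domain filter

def model_perms(acls, user_groups, model):
    """Access rights are additive: union over every group the user is in."""
    granted = set()
    for acl in acls:
        if acl.model == model and acl.group in user_groups:
            granted |= acl.perms
    return granted

def record_allowed(rules, user_groups, record):
    """GLOBAL_1 AND GLOBAL_2 AND (GROUP_A_1 OR ... OR GROUP_B_n)."""
    global_rules = [r for r in rules if r.group is None]
    group_rules = [r for r in rules if r.group in user_groups]
    # Step 1: every global rule must pass; global rules cannot be bypassed.
    if not all(r.test(record) for r in global_rules):
        return False
    # Assumption: if no group rule applies to the user, only globals constrain.
    if not group_rules:
        return True
    # Steps 2-3: one passing rule from any of the user's groups is enough.
    return any(r.test(record) for r in group_rules)

# Constructed sample data (not taken from a real database).
ACLS = [
    Acl("group_a", "sale.order", frozenset({"read"})),
    Acl("group_b", "sale.order", frozenset({"read", "write"})),
]
RULES = [
    Rule("same company", None, lambda rec: rec["company"] == "c1"),
    Rule("own orders", "group_a", lambda rec: rec["owner"] == "alice"),
    Rule("team orders", "group_b", lambda rec: rec["team"] == "emea"),
]
```

A user in both groups gets the union of the two access rights on the model, while a record in another company stays out of reach no matter which group rules match.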

Best Answer

By default the groups determine the access rights to the different resources. A user may belong to several groups. If he belongs to several groups, we always use the group with the highest rights for a selected resource.

You can get more details on the following link1, link2.
