Odoo Help


This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Multi group user - security rule

Ajay Tandon
on 5/22/14, 8:46 AM 1,452 views

i had created a user and mapped to two different groups with two different access rights.

For one group pnly read access and another group  both read and write access 

It is talking the highest access rights (read and write) but i want to know how it is taking the highest access rights (and i want to the architecture behind that)



Jos De Graeve
On 5/22/14, 8:57 AM


Group security rights "Add" permissions. 

Edit: When for a certain model, groupA adds read access and groupB adds write access, a user in both groupA and groupB will have both read and write access.  If in doubt, check: https://github.com/odoo/odoo/blob/master/openerp/addons/base/ir/ir_model.py#L704

If you want a security rule to remove a certain permissions, look at the record rules:

Global rules (non group-specific) are restrictions, and cannot be bypassed. Group-local rules grant additional permissions, but are constrained within the bounds of global ones. The first group rules restrict further than global rules, but any additional group rule will add more permissions

Detailed algorithm:

1. Global rules are combined together with a logical AND operator, and with the result of the following steps

2. Group-specific rules are combined together with a logical OR operator

3. If user belongs to several groups, the results from step 2 are combined with logical OR operator







Dhinesh - Technical Consultant, Sodexis Inc

--Dhinesh - Technical Consultant, Sodexis Inc--
| 5 4 9
Pondicherry, India
--Dhinesh - Technical Consultant, Sodexis Inc--

Passionate coder in Python/OpenERP. Knows Django/Flask MVC frameworks. Did code in Java, PHP.

Contact me at: dvdhinesh.mail@gmail.com

Dhinesh - Technical Consultant, Sodexis Inc
On 5/22/14, 8:59 AM

By default the groups determine the access rights to the different resources. A user may belong to several groups. If he belongs to several groups, we always use the group with the highest rights for a selected resource.

You can get more details on the following link1, link2.

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)


Asked: 5/22/14, 8:46 AM
Seen: 1452 times
Last updated: 3/16/15, 8:10 AM