what is the major differance between access right and record rules in odoo security
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project
- MRP
This question has been flagged
4
Replies
12909
Views
Hi,
Security mechanism in odoo is implemented using access control, record rules and groups.
Access Control
Managed by the ir.model.access records, defines access to a whole model.
Each access control has a model to which it grants permissions, the permissions it grants and optionally a group.
Access controls are additive, for a given model a user has access all permissions granted to any of its groups: if the user belongs to one group which allows writing and another which allows deleting, they can both write and delete.
If no group is specified, the access control applies to all users, otherwise it only applies to the members of the given group.
Available permissions are creation (perm_create), searching and reading (perm_read), updating existing records (perm_write) and deleting existing records (perm_unlink)
Record Rules
Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. It is applied record-by-record after access control has been applied.
A record rule has:
- a model on which it applies
- a set of permissions to which it applies (e.g. if perm_read is set, the rule will only be checked when reading a record)
- a set of user groups to which the rule applies, if no group is specified the rule is global
- a domain used to check whether a given record matches the rule (and is accessible) or does not (and is not accessible). The domain is evaluated with two variables in context: user is the current user’s record and time is the time module
Global rules and group rules (rules restricted to specific groups versus groups applying to all users) are used quite differently:
- Global rules are subtractive, they must all be matched for a record to be accessible
- Group rules are additive, if any of them matches (and all global rules match) then the record is accessible
This means the first group rule restricts access, but any further group rule expands it, while global rules can only ever restrict access (or have no effect).
You can see this information in Odoo Documentation: https://www.odoo.com/documentation/13.0/reference/security.html
Thanks
here is quite good explain of that.
https://odootricks.tips/about/building-blocks/security/record-rules/
https://odootricks.tips/about/building-blocks/security/user-access-groups/
Hi,
Access rights and Record rules both are using for the security purpose in Odoo. One of the main differences are we have an option for giving rights(create,write,unlink,read) for a specific model conditionally by using domain_force.
For more reference visit the following blog Security in odoo
Hope it helps
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Sign up| Related Posts | Replies | Views | Activity | |
|---|---|---|---|---|
|
0
Jun 25
|
288 | ||
|
0
Jan 25
|
1365 | ||
|
0
Jan 25
|
1366 | ||
|
1
Dec 24
|
1842 | ||
|
0
May 24
|
1446 |
Access Rights in Odoo: https://goo.gl/4jAhtH