This is (for example) my res.partner read ir.rule:
[('parent_id', '=', False)]My expectation:
I am (only) allowed to see all the res.partner records that have no parent_id.
Actual result:
Searching res.partner records on the tree view works exactly how I expect. I am only able to find the records that I should have access too according to the ir.rule logic. So far so good. However, actually clicking on the records (opening the form view of them) I get weird results on some records.
The following error is triggered:
The requested operation cannot be completed due to security restrictions. Please contact your system administrator. (Document type: res.partner, Operation: read)
I am testing this in a pretty big environment and the weird thing is that for some records I am indeed allowed to open the form view of the res.partner but for some records not. I don't see the logic / difference between these records. One would say that some other kind of domain filter is in place, but if I put my own small simple ir.rule on inactive, then there is no restriction in accessing the form view of all the res.partner records that are somehow restricted when it is enabled.
I am sorry if this is obvious / a beginner question. Do I not understand the ir.rule functionality?
Note: parent_id may be special in this case because it is a many2one to res.partner itself, but I have also tried to test with other many2one fields and they show the same behaviour.
This makes sense, thank you for the answer. I was staring a bit blind on that I should be able to see this res.partner record at least. It looks like I am not able to mark your answer as the solution yet though(?!)