Hello I'm trying to restrict the users to see only his own contacts, I made the following changes:
1. Create a new group Show Own Contacts Only for Extra Rights application.
2. Create a new record rule Own contacts for the Contact object that applies for read, write, create and delete
and uses [('user_id', '=', user.id)] as Domain Filter and add Show Own Contacts Only as Group.
So far so good, but when I login I can still see all the contacts and I can only modify (write) the contacts that belong to the user that is logged in. I get a (Document type: Contact, Operation: write) error.
After making some tests I discovered that if I archive the res.partner.rule.private.employee rule my new record rule works as I expect. I can see only the user contacts. Also if a make my Own contacts my rule global it works too.
Why if I can't write on a contact that does not belong to me I still see it? What's the utility of this res.partner.rule.private.employee rule?
There's something missing here but I don't know what. Any suggestion?
There is a group named Contact Creation make sure that the user is not belonging to that group
Groups and Access Rights in Odoo: https://goo.gl/4jAhtH