
Hello, I'm trying to restrict users to see only their own contacts. I made the following changes:

1. Create a new group Show Own Contacts Only for Extra Rights application.

2. Create a new record rule Own contacts for the Contact object that applies for read, write, create and delete
and uses [('user_id', '=', user.id)] as Domain Filter and add Show Own Contacts Only as Group.

So far so good, but when I log in I can still see all the contacts and I can only modify (write) the contacts that belong to the user that is logged in. I get a (Document type: Contact, Operation: write) error.

After making some tests I discovered that if I archive the res.partner.rule.private.employee rule, my new record rule works as I expect. I can see only the user's contacts. Also, if I make my Own contacts rule global, it works too.

Why, if I can't write on a contact that does not belong to me, can I still see it? What's the utility of this res.partner.rule.private.employee rule?

There's something missing here but I don't know what. Any suggestion?


There is a group named Contact Creation; make sure that the user does not belong to that group.

Groups and Access Rights in Odoo: https://goo.gl/4jAhtH

Author Best Answer

Hello, I don't know if it is the right approach, but I solved the problem as follows:

1) Switch off the record rule res.partner.rule.private.employee.

2) Create a new record rule Own contacts for the Contact object that applies for read, write, create and delete
and uses ['|', ('type', '!=', 'private'), ('type', '=', False), ('user_id', '=', user.id)] as Domain Filter and Sale /User: Own Documents Only as Group.

3) Create a new record rule All contacts for the Contact object that applies for read, write, create and delete
and uses [(1, '!=', 1)] as Domain Filter and Sale /User: All Documents as Group.

In this way, I can restrict the users to see their own contacts and also keep the private address feature.

Suggestions are welcome. Regards.



Some thoughts (since you asked):

The Domain Filter [(1, '!=', 1)] will always test false and I think you mean [(1,'=',1)]. But that will allow this user group to access private addresses. Is that what you want?

Also, any other users (e.g. purchase, inventory, accounting) will have access to private addresses. Is that what you want?

Author

Hello Chris,

You're right, the domain filter should be [(1,'=',1)]. On the other hand, why do you say that any other users will have access to private addresses? Now, the domain of the archived rule (res.partner.rule.private.employee) applies to the Sale /User: Own Documents Only group and not to the Intern User group, which is the group from which the lowest level of access (User) for inventory, purchase, etc. is inherited.

If I'm wrong I will appreciate your comment.

Greetings

Without record rules, users have access to all records (if they have access to the table / model).

When you add a record rule it can restrict access.

In your setup, most users (e.g. purchase, inventory, accounting) will not have any record rule to limit their access to contacts, so they will have access to all records, including private addresses.

I followed your answer step by step but it doesn't work.

1st: deactivate "res.partner.rule.private.employee"

2: in record rules, create Own contacts with the ['|', ('type', '!=', 'private'), ('type', '=', False), ('user_id', '=', user.id)] domain and the sale/user : own... group

3: in record rules, create All contact with [(1,'=',1)] and the sale/user :All doc.. group

Please help me solve my problem, if you can.

I need the sales user to be unable to access or see any contact from the purchase user, and likewise the purchase user from the sales user.

Your solution seems to work fine. The issue that I got is that when trying to create a new sale order I get this message:

The requested operation ("read" on "Users" (res.users)) was rejected because of the following rules:

(Records: False (id=8), User: False (id=8))

Implicitly accessed through 'Users' (res.users).

How can I fix it?

Best Answer

Hello,

I am using Odoo 12 Community version.

I followed the best answer in this topic (Alexander) and my SaleUser sees only his own contacts, but cannot create a quotation or a sale order.

The error message dialog: (Document type: Users, Operation: read) - (Records: [9], User: 9).

Does anyone face the same issue and know how to fix it?

Thanks,

Marcelo Costa
Porto Alegre, Brazil


Have you found any solutions? I also have the same issue.

Best Answer

The res.partner.rule.private.employee rule is used for the "private address" functionality - Private Addresses are only accessible for users in the "Access to Private Address" group and blocked for other users.

If you remove the two record rules related to private addresses (res.partner.rule.private.group and res.partner.rule.private.employee) then you will lose that functionality but your Record Rule should work.

Making your Record Rule global should also work because global record rules can't be bypassed, whereas all non-global rules applying to a user will take effect (an 'OR' relationship).

https://odootricks.tips/record-rules
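
The 'OR' relationship described in this answer, as an added example that is not part of the original post and is not Odoo's own code: a simplified Python model of how global and group record rules combine, applied to the rules from the question. The sample contacts, user id 7, the group name Internal User, and the modelling of res.partner.rule.private.employee as a read-only rule matching non-private contacts are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet
ALL_OPS = frozenset({"read", "write", "create", "unlink"})

@dataclass(frozen=True)
class Rule:
    name: str
    groups: FrozenSet[str]   # empty set means a global rule
    ops: FrozenSet[str]      # operations the rule applies to
    domain: Callable[[dict, int], bool]

def allowed(rec, uid, user_groups, op, rules):
    """Simplified model: all global rules AND (any of the user's group rules)."""
    active = [r for r in rules if op in r.ops]
    global_rules = [r for r in active if not r.groups]
    group_rules = [r for r in active if r.groups & user_groups]
    if not all(r.domain(rec, uid) for r in global_rules):
        return False
    # No applicable group rule means no group-level restriction.
    return not group_rules or any(r.domain(rec, uid) for r in group_rules)

def ids(records, uid, user_groups, op, rules):
    return [r["id"] for r in records if allowed(r, uid, user_groups, op, rules)]

def own(rec, uid):
    return rec["user_id"] == uid          # [('user_id', '=', user.id)]
def not_private(rec, uid):
    return rec["type"] != "private"       # assumed domain of the built-in rule

# Assumption: the built-in rule is modelled as read-only for all internal users.
PRIVATE_EMPLOYEE = Rule("res.partner.rule.private.employee",
                        frozenset({"Internal User"}), frozenset({"read"}), not_private)
OWN_GROUP = Rule("Own contacts", frozenset({"Show Own Contacts Only"}), ALL_OPS, own)
OWN_GLOBAL = Rule("Own contacts", frozenset(), ALL_OPS, own)

# Constructed sample data: user 7 is the logged-in user.
CONTACTS = [
    {"id": 1, "user_id": 7, "type": "contact"},
    {"id": 2, "user_id": 8, "type": "contact"},
    {"id": 3, "user_id": 7, "type": "private"},
    {"id": 4, "user_id": 8, "type": "private"},
]
GROUPS = frozenset({"Internal User", "Show Own Contacts Only"})

if __name__ == "__main__":
    print(ids(CONTACTS, 7, GROUPS, "read", [PRIVATE_EMPLOYEE, OWN_GROUP]))   # [1, 2, 3]
    print(ids(CONTACTS, 7, GROUPS, "read", [OWN_GROUP]))                     # [1, 3]
    print(ids(CONTACTS, 7, GROUPS, "read", [PRIVATE_EMPLOYEE, OWN_GLOBAL]))  # [1]
```

In this model the first call shows other users' contacts because either group rule is enough to grant read access, while a write check with the same rules returns only [1, 3] since only Own contacts covers that operation.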


Hello, the rule is working, but the user can't make a new contact.
The access error is (This restriction is due to the following rules: Own contacts)
How can I fix it?

@ayman I'm having the same problem, did you fix it?

Same problem, any fix?

If these are questions about the suggested Record Rule on users only being able to see their own contacts, this could be set not to apply on creation.