Hi,

    1. Create a Contractor User Group:

- Create a new group named Contractors (technical name: group_project_contractor).

- Make it inherit from Project User (project.group_project_user) so users can access timesheets but not configure projects.

    2. Set Access Control Lists (ACLs):

- For the model project.project → grant Read access only (no Create, Write, or Delete).

- For the model account.analytic.line → grant Read, Write, and Create access (no Delete).

    3. Define Record Rules:

- For project.project → use the domain: [('user_ids', 'in', [user.id])] to ensure contractors only see projects where they are added as members in the Allowed Users (Members) field.

- For account.analytic.line → use the domain: [('user_id', '=', user.id)] to ensure each contractor sees and manages only their own timesheet entries.

    4. Assign Contractors to Projects:

- Add each contractor to their assigned projects under the Members (Allowed Users) field.

    5. Restrict Permissions:

- Ensure contractors belong only to the Contractors group (not Project Manager or higher).

    6. Result:

- Contractors can access only their assigned projects.

- They can log and view only their own timesheets.

- They cannot create, edit, or delete projects.

- They cannot view other contractors’ projects or timesheets.

Hope it helps.

Hii,

after assign a project of user please make record rules 
Settings > Technical > Security > Record Rules
Model : project.project
Rule Name : as your Work
and set domain like 
[('user_id', 'in', [user.id)]

and also you can select group as per your requiement
i hope it is use full
here is pic of record rule

select access right as per you work

For Projects:

• Go to Settings > Users
• Select a user
• Under Access Rights, set:
  • Project: User
    • ❌ They can’t manage all projects
    • ✅ They can access only the projects they are assigned to

For Timesheets:

• Under Access Rights, set:
  • Timesheets: Employee
    • ✅ They can log and view their own timesheets