Community mailing list archives

community@mail.odoo.com

Re: User Rights and Permissions

by
Odoocker
- 01/15/2016 20:32:36
Hi Eric

Thanks for your time and the links but we had a look already before and this documentation is more or less worthless as it does not help at all. 

It looks like Odoo does not delete its cookies after a certain time in Odoo 9 when closing the browser and than mixing them up somehow.

Yesterday we had the case in an other Agency case to solve where they were actually getting internal server errors 500. We cleared the cache of all browsers and still in log an error appeared with the following message:

Sorry, you are not allowed to access this document. Only users with the following access level are currently allowed to do that:\n- Human Resources/Officer\n\t- Purchases/Manager\n\t- Purchases/Manager\n\t- Purchases/User\n\t- Inventory/Manager\n\t- Project/User\n\t- Sales/User: Own Leads Only\n\t- Sales/Manager\n\t- Other Extra Rights/Portal\n\t- Sales/Manager\n\t- Sales/Manager\n\t- Sales/User: Own Leads Only\n\t- Accounting & Finance/Adviser\n\t- Human Resources/Employee\n\t- Other Extra Rights/Contact Creation\n\t- Other Extra Rights/Portal\n\t- Other Extra Rights/Public\n\n(Document model: res.partner)', None

We than duplicated the database and have setup a second site with same result. After being able to access that duplicate from the website login, we deinstalled some debranding modules and than duplicated that site back to the former domain. still we got the above error in Safari when logging out of the dev2 site we also got the above error and were no more able to login again. Fortunately we had a second instance still open in Opera on the same Computer and here we deinstalled the website module. After doing that we duplicated that database (only the database) again to the original domain and were able to access the backend again.

There really would need other solutions like that to solve those permission problems which did not came up the first time in Odoo9. 

A proper CMS or ERP will have a time limit on cookies after which they will expire. Otherwise people can simply login to the site like they want as it looks like Odoo is not setting an expiry date.

The other permissive parts we like to get more information about are actually those technical features and extra fields like Portal and Public. when do they take affect. 

It is very hard to find a valuable description what they actual do, allow, not allow!

Thanks for your help

Cori









On Fri, Jan 15, 2016 at 7:33 AM, Caudal Eric <caudaleric@gmail.com> wrote:

On Thu, Jan 14, 2016 at 8:07 PM Cocopapa <cocopapa@gmail.com> wrote:
Can anybody suggest a good resource to know more about User Rights and Permissions in Odoo 9?

It seems like Odoo 9 does not handle permissions properly. i.e. we created a new user with a new email. 

we logged out and logged in with that new user.

Now still the email address of the admin user shows in the top bar! why?

Also this user seems to be able to see nearly all modules even he hasn't even been assigned as user of them. Is there a way so that a user can only see what he is actualy allowed to use?

Thanks

Cori

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

--

Eric  Caudal (from my mobile)

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe