How do I make records read only for users that do not own the record?

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Akuntansi
Inventaris
PoS
Project
MRP

All apps

Semua Post Orang Lencana-Lencana

Label (Lihat semua)

odoo accounting v14 pos v15

Mengenai forum ini

Help

How do I make records read only for users that do not own the record?

security

1 Balas

8447 Tampilan

Tyler K

I have a module I'm developing that allows users to submit Change Requests. All Change Requests must be visible to all users, but only the owner of a Change Request is allowed to edit that specific Change Request.

How can I implement this using Odoo's security mechanisms?

Right now, I have defined an access rule as follows (note that the group is empty to specify default employees group)...

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
document_app_change_request_user,document_app.change_request.user,model_document_app_change_request,,1,1,1,1

Also, I have defined a record rule as follows..

<record id="document_app_change_request_user_rule" model="ir.rule"
<field name="name">Change Request: Write permission for owners only.</field>
<field name="model_id" ref="model_document_app_change_request"/>
<field name="perm_write" eval="1"/>
<field name="domain_force">[('create_uid','=',user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>

luna_22

Hello, please if you found a solution, kindly share it, I have the same problem.
Thank you.

Krimi Shah

Hi Tyler,

According me, you need to make two types of users. One who is User and other one is Manager.

So as per the users, record rules will be applied. Below is the code which you can refer.

<!-- Record Rule: Property Managers -->
<record id="property_rule_manager" model="ir.rule">
	<field name="name">Property Manager</field
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[(1,'=',1)]</field>
        <field name="groups" eval="[(4,ref('hr.group_hr_manager')), (4,ref('hr.group_hr_user'))]"/>
        <field name='perm_create' eval='True'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='True'/>
        <field name='perm_write' eval='True'/>
</record>

<!-- Record Rule: for User -->
<record id="property_rule_user" model="ir.rule">
	<field name="name">Property User</field>
	<field name="model_id" ref="model_property"/>
	<field name="domain_force">[('partner_id','=',user.partner_id.id)]</field>
	<field name="groups" eval="[(4,ref('base.group_user'))]"/>
	<field name='perm_create' eval='False'/>
        <field name='perm_read' eval='True'/>
        <field name='perm_unlink' eval='False'/>
        <field name='perm_write' eval='False'/>
</record>

Tyler K

Penulis

Thanks for your response.

I'm not sure that your solution addresses my requirements. I need users to have write/delete access to the Change Requests they create; however, if someone else creates a Change Request, then the user should only have read access.

I guess what I'm trying to achieve is sort of like a post on social media. Users can edit their own posts, but they can't edit the posts of other users. This is the behavior I'm looking for.

Menikmati diskusi? Jangan hanya membaca, ikuti!

Buat akun sekarang untuk menikmati fitur eksklufi dan agar terlibat dengan komunitas kami!

Daftar

Post Terkait	Replies	Tampilan
what is the differance between access right and record rules in odoo ? Diselesaikan security	5 Sep 25	13930
User Session Bug. security	0 Jun 25	628
How to resolve the Access Error issue? security	0 Jan 25	1796
Lock/unlock feature in Transfers security	0 Jan 25	1826
User Access Restriction by IP in Odoo Diselesaikan security	1 Des 24	2469

Pertanyaan ini telah diberikan tanda

Menikmati diskusi? Jangan hanya membaca, ikuti!