On Odoo 12 is possible to create a user and assign to it the "Access rights" group. As pointed also in https://www.odoo.com/it_IT/forum/help-1/question/administration-settings-and-access-rights-7270 this user is now able to create another user with "Settings" group, and feels a little bit strange due to the fact that a user with "Settings" can manage the whole system including install or remove application and change system settings while a user with "Access Rights" group cannot, but actually has the possibility to create a user with "Settings" group who is actually a superuser.
How prevent user with "Access Rights" group to create user with "Settings" group?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- 会計
- 在庫
- PoS
- プロジェクト
- MRP
この質問にフラグが付けられました
5
返信
16517
ビュー
Hi Stefano:
One way to do this would be to do the following:
Ensure that the user with Administration / Access Rights does not have Extra Rights / Technical Features privileges. This will prevent the user from using the Settings > Users & Companies > Groups menu item to add a user directly to a security group.
Customize the "Users" form and make the Administration field accessible only to users in the Administration / Settings group by adding a groups="base.group_system" attribute to the field.
Hello,
I am using Odoo 14 Community Edition.
Can someone show me, please
where I can find the Administration / Settings to add groups = "base.group_system"?
Many Thanks
Earlier, I had tried to do it myself, but that was too technical and time-consuming for me.
But after some research, I found this module on Odoo app store. Here is the link
https://apps.odoo.com/apps/modules/16.0/restrict_access_right_user
Hope it helps.
I don't think it is possible (as standard).
You are right that once you grant a user access to Administration (either of the two user access groups) you are giving them the ability to manage both Settings and User Access.
In a typical Odoo implementation this is probably OK, because you wouldn't have two separate people needing access to settings and user access. Do you have a requirement to set it up that way?
The method proposed from Paresh worked nice, thanks!
I also needed a couple of additional steps, because after this the user with "Access Rights" group is still able to clone/edit an user with "Settings" group, so:
added a record rule for the group "Access rights" to prevent edit all the users except administrator.
added a record rule for the group "Settings" to give the possibility to edit user adminstrator.
I don't think adding record rules will do the job because as long as the group "Access Rights" can edit record rules, it can modify all the security
| 関連投稿 | 返信 | ビュー | 活動 | |
|---|---|---|---|---|
|
1
4月 25
|
4569 | ||
|
0
3月 24
|
1902 | ||
|
0
10月 22
|
3070 | ||
|
|
0
9月 22
|
2360 | ||
|
1
7月 22
|
6169 |
