Odoo Help

0

0
1 Answer
0
Avatar

Ray Carnes

--Ray Carnes--
20921
| 10 7 11
Greater Los Angeles, Verenigde Staten
--Ray Carnes--

Business Analyst

OpenERP 6.1, 7.0; Odoo 8.0, 9.0, 10.0, 11.0 and 12.0.

Completed Odoo Functional and Technical Training.

Functional Areas:

  • CRM/Sales

  • Inventory

  • Manufacturing

  • Accounting

  • Purchasing

Major Skills:

  • Business Process Reengineering

  • Efficiency Consulting

  • User Needs and GAP Analysis;

  • Functional and Technical Design;

  • Prototyping and Proof of Concepts;

  • Requirements Specifications;

  • Agile Implementation;

  • Data Migration;

  • Configuration & Customization (UI and code);

  • Integration - Odoo and non Odoo Applications and Services;

  • Training and Knowledge Transfer;

  • Go Live Support;

  • Helpdesk;

  • Version Upgrades and Migration.

  • Accounting Expert.

I have over 20 years of experience empowering and enabling users with enterprise information systems that make a real and measurable difference in their ability to proactively manage their businesses and organizations. 

I am a skilled Communicator and I only take the serious things seriously!

Ray Carnes
26-12-13 18:40

Using groups to hide or give access to menus is more related to the needs of ergonomics or usability than the needs of security. It is a best practice to putting rules on documents and models instead of putting groups on menus. For example, hiding invoices can be done by modifying the record rule on the invoice object, and it is more efficient and safer than hiding menus related to invoices.

Similarly, using groups to hide or give access to views based on groups should also not be considered as meeting security needs.

From "Security in OpenERP: users, groups" at https://doc.openerp.com/trunk/server/04_security/

3 Comments
IBS Group
26-12-13 18:43

Thank your your answer, however your last suggestion does not work, I tested it but I could still access restricted views, the same goes for actions, which is the main thing I am asking about.

Ray Carnes
26-12-13 18:48

My suggestion was not to use groups for Views or Actions to meet your security needs.

IBS Group
26-12-13 19:13

Assign a group to some window action and try to access it directly through action=ID in the URL from a user that don't belong to that group and you should be able to execute that action and see its results.

Stel een vraag
Writer
Tag
Keep Informed
1 volger(s)
About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Register
Odoo Training Center

Access to our eLearning platform and experience all Odoo Apps through learning videos, use cases and quizzes.

Test it now