In Odoo, create a custom security group (e.g., Limited Billing Access) and add record rules on account.move and account.payment to restrict visibility to only the records created by the user ([('create_uid', '=', user.id)]).

This lets employees create and view only their own bills/payments, while hiding others.

1- Create a new security group

Go to Settings → Technical → Security → Groups

Create a new group:

Name: Limited Billing Access

Category: Accounting & Finance

2- Add Record Rules

Go to Settings → Technical → Security → Record Rules

Create these two:

(A) Restrict viewing bills/payments:

Name: Restrict Bills & Payments Visibility

Object: account.move

Domain: [('create_uid', '=', user.id)]

Groups: Limited Billing Access

Permissions: Read ✅ Write ✅ Create ✅ Delete ✅

This means users will only see bills/invoices they created. 


(B) Restrict access to payments:

Name: Restrict Payments Visibility

Object: account.payment

Domain: [('create_uid', '=', user.id)]

Groups: Limited Billing Access

Permissions: Read ✅ Write ✅ Create ✅ Delete ✅

This ensures they can record or create payments for their own entries only.

Assign the group

Go to Settings → Users → (Select User)

→ Under “Access Rights” → Enable Limited Billing Access

Make sure the user does not have:

• Accountant
• Billing Manager
• Adviser roles
  (these override record rules)

Hi,

To restrict employees from viewing customer and vendor bills or payments while still allowing them to create new bills, you can achieve this using Odoo’s access control and record rules. First, create a new user group called **“Bill Creation Only”** under *Settings → Users & Companies → Groups*. Then, adjust access control for the models **`account.move`** and **`account.payment`** under *Settings → Technical → Security → Access Control Lists*. Give this group create and write access for `account.move`, but no access for `account.payment`. Next, add a record rule for the `account.move` model with the domain `[('create_uid', '=', user.id)]` so that employees can only see bills they created themselves. For payments, create another record rule with the domain `[(0, '=', 1)]` to hide all payment records. Finally, assign this new group to the employee users and make sure they are not part of the Accountant or Advisor groups, which would override these restrictions. Optionally, you can hide accounting menus such as “Payments” and “Customer Invoices” by setting group visibility on those menu items. This setup ensures employees can generate and manage only their own bills without accessing financial records or payments of others.

Hope it helps.