User permissions and access rights in Odoo 10

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

ลูกค้าสัมพันธ์
e-Commerce
ระบบบัญชี
สินค้าคงคลัง
PoS
Project
MRP

All apps

All Posts คน เหรียญรางวัล

แท็ก (View all)

odoo accounting v14 pos v15

เกี่ยวกับฟอรั่มนี้

ช่วยเหลือ

User permissions and access rights in Odoo 10

security permissions userpermissions access rights

2 ตอบกลับ

8793 มุมมอง

Michael Rutherford

Hello. I am running Odoo 10 CE. I have a user configured to be allowed access only to sales related documents -- for use by a sales person. The sales person should not have access to anything under Purchases. Under Access Rights, the user has only been added to three security groups: Sales - User: All Documents, Accounting & Finance - Billing, and Employees - Employee. However, I just discovered that the user can edit purchase orders created by Administrator. While the Purchases menu is not available to the user, the user can still access the PO via a link in the notes for a transfer order connected to a sales order. It was my understanding that if a user is not added to a security group, they do not have any access rights to the objects in that group. Is that incorrect? I have made no customizations to the security groups. Is there something I'm missing? Thank you in advance for any guidance.

Sehrish

User permissions and access rights: https://goo.gl/4jAhtH

subbarao

คำตอบที่ดีที่สุด

You are right Michael, But the problem is here

Accounting & Finance - Billing user have create and write permissions for Purchase Order.
You can check it from Settings/technical/database structure/models

search for purchase order and check in access rights tab.

Michael Rutherford

ผู้เขียน

Yes, thank you Subbarao. I found that later. I removed write access for the Billing security group in the ACL, as I don't believe a Billing user will need that access in this case. I was confused because I assumed that if a user wasn't added to a security group for Purchases, it would have no access to models under Purchases. I see now that is not a safe assumption. Thanks for your answer.

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!

สร้างบัญชีวันนี้เพื่อเพลิดเพลินไปกับฟีเจอร์พิเศษและมีส่วนร่วมกับคอมมูนิตี้ที่ยอดเยี่ยมของเรา!

ลงชื่อ

Related Posts	ตอบกลับ	มุมมอง
[V12] create Group to remove right to modify followers แก้ไขแล้ว security permissions access_rules access rights 12.	1 ธ.ค. 22	4628
Access per user and per record security access record_rules permissions userpermissions	0 มิ.ย. 17	3497
How to segregate contact records using record rules security record_rules permissions	2 พ.ย. 24	1403
Internal Users can't log into second website why? แก้ไขแล้ว users permissions userpermissions	2 มี.ค. 24	5231
Allow "Write a note" and Send a message to users with no write access (Odoo 13) security access rights Odoo13	0 ธ.ค. 22	3187

คำถามนี้ถูกตั้งค่าสถานะ

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!