Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

Müşteri İlişkileri Yönetimi
e-Commerce
Muhasebe
Envanter
PoS
Proje Yönetimi
MRP

All apps

All Posts People Badges

Etiketler (View all)

odoo accounting v14 pos v15

About this forum

Yardım

Access rights and record rules for user group

record_rules domain_filter access rights

1 Cevapla

5528 Görünümler

Benedikt Schnörr

Hey guys,
I'm setting up a new Odoo db right now and I want to create an access group that has read and write access to contacts, only if the custom selection field x_type in a contact has the value "value1".
This is my only access right in this group:
name: model: read: write:

res.partner contact yes yes

This is the only record rule:
name: model: domain: read: write:

value1 contact [('x_type','=','value1')] yes yes

The problem is that the user in this group can still read and write to all contacts even though he is in no other access groups besides "internal user". Also "creating contact" in the user settings is deactivated.
Apparently, the access right works, but the record rule is not restricting the access right.

I have the free version 16 installed on debian 11 with the crm, contacts and mass mailing modules.

Can anyone help me with this problem? Is the domain maybe wrong or is there anything else I have to set up?

Chris TRINGHAM

Limiting access on Contacts can be tricky. This might be helpful: https://odootricks.tips/about/building-blocks/security/record-rules/

Benedikt Schnörr

Üretici

@Chris Thank you for the link, it helped a bit!

Benedikt Schnörr

Üretici En İyi Yanıt

Edit: I figured it out.

There is a record rule in the predefined group "Internal User" called "res.partner.rule.private.employee" which grants full access to all contact entries by default. This rule overwrote my own rule so it couldn't work. I limited the predefined rule's access to read only or deleted it, then my own rule worked.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Üye Ol

İlgili Gönderiler	Cevaplar	Görünümler
Domain Filtering help: Is there any operator like 'includes' or 'contains', which will do the inverse of 'child_of' operator? Çözüldü record_rules domain_filter	2 Eki 22	12654
Access Rights in Odoo 15 Çözüldü record_rules access rights odoo15	2 Eki 24	1677
How to limit the view of other contacts for different users Çözüldü contacts record_rules access rights	1 Tem 24	2389
What should be the domain filter for filtering all customers of a salesteam? salesteams record_rules domain_filter	0 Mar 15	4483
How can we ensure that portal users can see models from all companies? portal record_rules multicompany access rights	0 Eki 25	611

Bu soru işaretlendi

Enjoying the discussion? Don't just read, join in!