İçereği Atla
Menü
Bu soru işaretlendi
1 Cevapla
3928 Görünümler

Hey guys,
I'm setting up a new Odoo db right now and I want to create an access group that has read and write access to contacts, only if the custom selection field x_type in a contact has the value "value1".
This is my only access right in this group:
name: ​model: ​read: ​write:

res.partner ​contact ​yes ​yes

This is the only record rule:
name: ​​model: ​domain: ​read: ​write:

value1 ​​contact ​[('x_type','=','value1')] ​yes ​yes

The problem is that the user in this group can still read and write to all contacts even though he is in no other access groups besides "internal user". Also "creating contact" in the user settings is deactivated.
Apparently, the access right works, but the record rule is not restricting the access right.

I have the free version 16 installed on debian 11 with the crm, contacts and mass mailing modules.

Can anyone help me with this problem? Is the domain maybe wrong or is there anything else I have to set up? 

Avatar
Vazgeç

Limiting access on Contacts can be tricky. This might be helpful: https://odootricks.tips/about/building-blocks/security/record-rules/

Üretici

@Chris Thank you for the link, it helped a bit!

Üretici En İyi Yanıt

Edit: I figured it out.

There is a record rule in the predefined group "Internal User" called "res.partner.rule.private.employee" which grants full access to all contact entries by default. This rule overwrote my own rule so it couldn't work. I limited the predefined rule's access to read only or deleted it, then my own rule worked.

Avatar
Vazgeç
İlgili Gönderiler Cevaplar Görünümler Aktivite
2
Eki 22
11715
2
Eki 24
1030
1
Tem 24
1510
0
Mar 15
3787
0
Tem 24
3