İçereği Atla
Menü
Bu soru işaretlendi
2 Cevaplar
8646 Görünümler

Hello.  I am running Odoo 10 CE. I have a user configured to be allowed access only to sales related documents -- for use by a sales person.  The sales person should not have access to anything under Purchases.  Under Access Rights, the user has only been added to three security groups:  Sales - User: All Documents, Accounting & Finance - Billing, and Employees - Employee.  However, I just discovered that the user can edit purchase orders created by Administrator.  While the Purchases menu is not available to the user, the user can still access the PO via a link in the notes for a transfer order connected to a sales order.  It was my understanding that if a user is not added to a security group, they do not have any access rights to the objects in that group.  Is that incorrect?  I have made no customizations to the security groups.  Is there something I'm missing?  Thank you in advance for any guidance.

Avatar
Vazgeç

User permissions and access rights: https://goo.gl/4jAhtH

En İyi Yanıt

You are right Michael, But the problem is here

Accounting & Finance - Billing   user have create and write permissions for Purchase Order.
You can check it from Settings/technical/database structure/models

search for purchase order and check in access rights tab.

 


Avatar
Vazgeç
Üretici En İyi Yanıt

Yes, thank you Subbarao.  I found that later.  I removed write access for the Billing security group in the ACL, as I don't believe a Billing user will need that access in this case.  I was confused because I assumed that if a user wasn't added to a security group for Purchases, it would have no access to models under Purchases. I see now that is not a safe assumption. Thanks for your answer.

Avatar
Vazgeç
İlgili Gönderiler Cevaplar Görünümler Aktivite
1
Ara 22
4501
0
Haz 17
3344
2
Kas 24
1213
2
Mar 24
5014
0
Ara 22
3025