User permissions and access rights in Odoo 10

Question

Hello.  I am running Odoo 10 CE. I have a user configured to be allowed
access only to sales related documents -- for use by a sales person.
The sales person should not have access to anything under Purchases.
Under Access Rights, the user has only been added to three security
groups:  Sales - User: All Documents, Accounting & Finance -
Billing, and Employees - Employee.  However, I just discovered that the
user can edit purchase orders created by Administrator.  While the
Purchases menu is not

subbarao · Accepted Answer

You are right Michael, But the problem is here
Accounting & Finance - Billing   user have create and write permissions for Purchase Order.
You can check it from Settings/technical/database structure/models
search for purchase order and check in access rights tab.

Michael Rutherford · Answer

Yes, thank you Subbarao. I found that later. I removed write access for the Billing security group in the ACL, as I don't believe a Billing user will need that access in this case. I was confused because I assumed that if a user wasn't added to a security group for Purchases, it would have no access to models under Purchases. I see now that is not a safe assumption. Thanks for your answer.

Bài viết liên quan	Trả lời	Lượt xem
[V12] create Group to remove right to modify followers Đã xử lý security permissions access_rules access rights 12.	1 thg 12 22	4583
Access per user and per record security access record_rules permissions userpermissions	0 thg 6 17	3430
How to segregate contact records using record rules security record_rules permissions	2 thg 11 24	1319
Internal Users can't log into second website why? Đã xử lý users permissions userpermissions	2 thg 3 24	5122
Allow "Write a note" and Send a message to users with no write access (Odoo 13) security access rights Odoo13	0 thg 12 22	3100

Câu hỏi này đã bị gắn cờ

Bạn có hứng thú với cuộc thảo luận không? Đừng chỉ đọc, hãy tham gia nhé!