Odoo, a powerful open-source ERP and business management software, provides a robust security framework allowing administrators to control record access through record rules. Record rules define the conditions under which a user can read, write, create, or delete records in a specific model.
In this blog post, we will guide you through the process of creating record rules in Odoo 17.
There are four access modes within record rules: CREATE, READ, WRITE, and DELETE. CREATE permits users to generate new records, READ enables users to view records, WRITE empowers users to modify records, and DELETE grants users the authority to delete records. By specifying these access modes in our record rules, we exercise precise control over users' actions with the records within our model.
Now, let's examine the specific XML code used to create a record rule in Odoo 17.
Here's a practical example:
<record id="demo_record_user_rule" model="ir.rule">
<field name="name">User can only see their own records</field>
<field name="model_id" ref="model_id"/>
<field name="domain_force">[('user_id', '=', self.uid)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
<field name="perm_create" eval="0"/>
<field name="perm_write" eval="0"/>
<field name="perm_unlink" eval="0"/>
<field name="perm_read" eval="1"/>
</record>
Here, we're making a rule called "demo_record_user_rule." The "name" field is just a clear description of the rule. The "model_id" field specifies which kind of data this rule applies to.
The "domain_force" field is where we outline the criteria for the record rule. Here, we're utilizing the "user_id" field to limit access to records based on the current user's ID. With the domain set to "[('user_id', '=', self.uid)]", it means users can only view records where the "user_id" field aligns with their individual ID.
The "groups" field is where we identify which user groups have permission to use this record rule. In this case, we're granting access to users belonging to the "base.group_user" group.
For the "perm_read," "perm_write," "perm_create," and "perm_unlink" fields, we determine the types of actions users can perform with this record rule. In this instance, users are permitted to read records but are restricted from creating, modifying, or deleting them.
Once we've set up our record rule using XML, we place it in the security folder of our Odoo module. This action makes the record rule visible in the Record Rules menu under the Security section in Odoo 17.
You can find the rule we made in the Record Rules menu within the security settings.
We have the option to create a record rule directly from this here.
Verify the effectiveness of your record rule by testing it with the specified conditions. Ensure that the rule aligns with your data access control requirements.
Implementing record rules in Odoo 17 empowers you to finely tune data access, enhance security, and streamline your business processes. By leveraging this feature, you can take command of your data and ensure that users interact with information in a manner that aligns with your organization's policies.
To read more about creating record rules in Odoo 16, refer to our blog How to Create Record Rules in Odoo 16