Effective access control is essential for maintaining data integrity, operational transparency, and user accountability within any organization. In Odoo 18, managing who can view, create, or modify purchase-related records is easier and more structured. This blog will walk you through how to configure and differentiate access rights for users in the Odoo 18 Purchase module, helping you ensure secure and efficient procurement workflows.
Types of Users in Odoo 18
In Odoo, user types define the level of interaction and access a person can have with the system. Broadly, users are categorized into three roles:
- Internal Users: These are users within your organization who actively engage with Odoo’s core business applications. They are assigned roles such as Purchase User or Purchase Administrator, enabling them to manage procurement tasks depending on their responsibilities.
- Portal Users: These are external individuals, such as customers, suppliers, or stakeholders, who interact with the system through a limited-access interface. They are granted limited, read-only access to specific data (like orders or invoices) relevant to them. They do not belong to internal user groups and cannot modify records.
- Public Users: These are anonymous visitors who access your website without signing in or having a registered account. Public users only have access to content made available on the website and cannot interact with backend modules like Purchase.
Managing Access Rights in the Purchase Module
To configure access permissions, go to Settings > Users & Companies > Users. Click on a user to open their configuration form. From here, access permissions can be modified under the Access Rights tab.

Under the Multi Companies section, you can also set which companies a user can access (Allowed companies) and assign a default company.

In the Purchase module of Odoo 18, access is structured around three primary roles: Administrator, User, and None. These roles determine the level of control and functionality available to each user within the system. When assigning new users, it's crucial to define their permissions clearly to maintain data security and ensure they interact with the platform appropriately. Proper role assignment helps avoid misunderstandings and restricts access to only what's necessary for each user's responsibilities.

The Administrator role in Odoo 18 offers the highest level of access within the Purchase module. Users with this role can configure system settings, oversee user permissions, and manage procurement workflows end-to-end. Since the Purchase module integrates with other business areas like Inventory, Accounting, and Sales, administrators can also monitor performance across departments and adjust access levels accordingly.
Administrators are equipped to import supplier price lists and reference details, enabling more informed purchasing decisions based on supplier quotes, volume discounts, and contractual terms. They can also monitor stock levels at vendor locations and track order progress directly within the application.
In addition to handling RFQs (Requests for Quotation) and Purchase Orders, admin users can set up and manage Purchase Agreements, control vendor information, update product details, and handle billing and approvals. This role ensures complete visibility and control over all procurement activities in Odoo.

The User role in Odoo 18 is designed for employees who actively work with the Purchase module but don’t require administrative privileges. Users are authenticated by their login credentials, and it’s important to note that not every employee in the organization needs to be an Odoo user — only those who interact with the system.
Assigning the User role ensures that team members can contribute efficiently to the procurement process. It supports a streamlined workflow by granting access to core features like creating purchase orders and managing vendor and product information, without exposing sensitive configurations or administrative settings.

In Odoo 18, security roles help control what users can see and do within each module. The Purchase User role provides access to essential procurement functions while restricting advanced settings. Users with this role can create Requests for Quotation (RFQs) and convert them into Purchase Orders, ensuring they can handle day-to-day purchasing tasks efficiently.
Additionally, they can manage vendor records and product information, allowing them to maintain accurate supplier and catalog data. However, access is limited to a subset of menus within the Purchase module — typically sections like Orders and Products — while more advanced features remain reserved for administrators.

Users assigned to the Purchase User role do not have access to advanced reporting tools, including the ability to create custom filters or shared views, or to configure module-specific settings.
The final access level is "None", which can be assigned from the Access Rights tab within the user's profile. Selecting this option removes all access to the Purchase module and its features for that user.

Users with the "None" role for the Purchase module are fully restricted from accessing it or carrying out any related actions.
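
An added example (not from the original post or from Odoo itself): a small Python audit that maps each account's groups to the Purchase role described above and compares it with an intended-role policy, flagging over-privileged accounts. The group XML IDs are the ones Odoo ships; the function names, the user export and the policy are assumptions constructed for illustration.

```python
# Added example: audit Purchase role assignments against an intended-role policy.
# The group XML IDs are the ones Odoo ships; the export and policy are constructed.
PURCHASE_ADMIN = "purchase.group_purchase_manager"  # "Administrator"
PURCHASE_USER = "purchase.group_purchase_user"      # "User"
INTERNAL = "base.group_user"                        # internal user type
RANK = {"None": 0, "User": 1, "Administrator": 2}


def purchase_level(groups):
    """Map a user's group XML IDs to the Purchase role shown in Access Rights."""
    if PURCHASE_ADMIN in groups:  # Administrator implies User, so test it first
        return "Administrator"
    return "User" if PURCHASE_USER in groups else "None"


def audit(users, policy):
    """Return (login, finding) pairs; logins absent from policy are intended 'None'."""
    findings = []
    for user in users:
        login, groups = user["login"], user["groups"]
        actual, intended = purchase_level(groups), policy.get(login, "None")
        if actual != "None" and INTERNAL not in groups:
            findings.append((login, f"non-internal account holds Purchase role {actual}"))
        elif RANK[actual] > RANK[intended]:
            findings.append((login, f"over-privileged: has {actual}, intended {intended}"))
        elif RANK[actual] < RANK[intended]:
            findings.append((login, f"under-provisioned: has {actual}, intended {intended}"))
    return findings


# Constructed sample export (not real accounts).
SAMPLE_USERS = [
    {"login": "buyer@example.com", "groups": {INTERNAL, PURCHASE_USER}},
    {"login": "lead@example.com", "groups": {INTERNAL, PURCHASE_USER, PURCHASE_ADMIN}},
    {"login": "intern@example.com", "groups": {INTERNAL, PURCHASE_USER, PURCHASE_ADMIN}},
    {"login": "sales@example.com", "groups": {INTERNAL}},
    {"login": "vendor@example.com", "groups": {"base.group_portal", PURCHASE_USER}},
]
SAMPLE_POLICY = {"buyer@example.com": "User", "lead@example.com": "Administrator",
                 "intern@example.com": "User", "sales@example.com": "User"}

if __name__ == "__main__":
    for login, finding in audit(SAMPLE_USERS, SAMPLE_POLICY):
        print(f"{login}: {finding}")
```

Run against a periodic export of users and their groups, the same comparison surfaces role drift between access reviews.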

This summarizes how access permissions are configured for the Purchase module in Odoo 18.
In Odoo 18, effective access control in the Purchase module ensures that every user’s permissions match their role and responsibilities. Defining roles such as Administrator, User, or None helps protect sensitive information, minimize mistakes, and keep procurement processes running smoothly. With clear permission settings, teams can work more efficiently, maintain data integrity, and focus on their specific tasks within the purchasing workflow.
To read more, refer to our blog How to Manage Purchase Order Approval in Odoo 17.