Chapter 3 - Odoo 15 Development Book

Access Rights

When adding a new data model, you need to define who can create, read, update and delete records. When we are creating an app, this can involve defining a new user group. If a user doesn't have any access rights, the odoo will not display your menus and views.

In Odoo, the user is the one who has access to the database. We can add as many users as we want, and we can decide which type of information the user can access by giving access rights to them.

Apart from utilizing custom code to limit access, Odoo has two main data-driven approaches for regulating or restricting data access. Both mechanisms are tied to specific users via groups: A user can be a member of any number of groups, and security mechanisms are related to groups, allowing security mechanisms to be applied to users.

For this, we can create a security directory on the module and add the ir.model.access.csv file to that.

There are such scenarios

  • Everyone will be able to see all the records
  • A new group of users called admins have to create, read, update, and delete the records.

Setting Access Right

Follows the following steps to create access right

1. Create a file security > groups.xml

<record id="new_user_group" model="res.groups">
    <field name="name">user</field>
    <field name="users" eval="[(4, ref(base.group_user'))]"/>

2. Add a file security> ir.model.access.csv


3. Add the files into the

'data': [


Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635



Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.



Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message