Chapter 7 - Odoo 15 Development Book

Access Rights

When adding a new data model, you need to define who can create, read, update and delete records. When we are creating an app, this can involve defining a new user group. If a user doesn't have any access rights, the odoo will not display your menus and views.

In Odoo, the user is the one who has access to the database. We can add as many users as we want, and we can decide which type of information the user can access by giving access rights to them.

Apart from utilizing custom code to limit access, Odoo has two main data-driven approaches for regulating or restricting data access. Through groups, both systems are linked to specific users: A user can belong to as many groups as they want, and security mechanisms are associated with groups; therefore, security mechanisms are applied to users.

For this, we can create a security directory on the module and add the

ir.model.access.csv file to that.

There are such scenarios.

  • Everyone will be able to see all the records
  • A new group of users called admins have to create, read, update, and delete the records.

Setting Access Rights

Follow the following steps to create access rights.

1. Create a file security > groups.xml

<record id="group_hr_payroll_community_user" model="res.groups">
   <field name="name">Administrator</field>
      <field name="users" eval="[(4, ref('hr.group_hr_user'))]"/>

2. Add a file security> ir.model.access.csv


3. Add the files into the

'data': [


Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635



Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.



Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message