Chapter 7 - Odoo 15 Development Book

Record Rules

Apart from utilizing custom code to limit access, Odoo has two main data-driven approaches for regulating or restricting data access. The conditions that must be met for an operation to be permitted are known as record rules. Record rules are assessed on a record-by-record basis. Record rules are default-allow: access is permitted if access privileges allow it, and no rule applies to the operation and model for the user.

Record rule

There are various types of records in the business world. It's also critical to ensure that those records are kept secure. There are also some security regulations in Odoo. The rules specify who has access to the objects listed below. In record rules, we describe some conditions for certain operations.

In odoo, there are four types of access modes

  1. Create: Access for creating the record.
  2. Write: Access for writing the record.
  3. Delete: Access for deleting the record.
  4. Read: Access for reading the record.

Backend code for creating the record rule

<record id="school_student_rule" model="ir.rule">
    <field name="name">Student Records</field>
    <field name="model_id" ref="model_school_student"/>
    <field name="domain_force">[('user_id', '=',]</field>
    <field name="groups" eval="[(4,      ref('school_management.school_management_student'))]"/>
    <field name="perm_read" eval="True"/>
    <field name="perm_write" eval="False"/>
    <field name="perm_create" eval="False"/>
    <field name="perm_unlink" eval="False"/>

Here the record id is “school_student_rule” . The id is unique for each record, and that will be on the ir.rule model.

>name: Name of the record. It is a human readable name, and which will be shown on the user interface.

>model_id: Refers the model on which model we can using the record rule here the model id school_student so the ref is model_school_student.

>domain_force: Domain force acts as a filter for the record. We can set the domain for that record rule, for some particular groups. Default the domain_force is [(1, ‘=’, 1)].

<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>

perm_read, perm_write, perm_create, perm_unlink are the permission for read, write, create and edit respectively. eval=”true” means that we have the permission otherwise we don't have the permission.

We can see the permission on the UI

Go to general Settings > Technical > Security > Record Rules



Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635



Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.



Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message