Odoo 16 Development Book

Access rights

The access rights are regulations that specify how a user can access a specific object. Access rights follow the CRUD model [create, read(search), update(write), delete]

  • Create: values for that object can be created by the user.
  • Read: the values of that object can be only seen by the user.
  • Update: the values of that object can be edited by the user.
  • Delete: the values of that object can be deleted by the user.

If a user doesn’t have access rights, the related menus and views are not displayed to the user.

The user is the only person who is allowed to access the database. We can create many users for a single database. They are identified with their own login and credentials. A user has no access privileges by default. It should be noted that not all firm personnel are necessarily Odoo users; rather, an Odoo user is someone who utilizes the program.

Odoo provides two primary data-driven strategies for controlling or restricting data access, in addition to using custom code to accomplish so. Through groups, both systems are linked to specific users: A user can belong to as many groups as they want, and security mechanisms are associated with groups; therefore, security mechanisms are applied to users.

Let’s assume a case that, we are going to create a custom model. So for giving access to users in this model, we need to add the security directory in the corresponding module. And add the ir.model.access.csv file to that.

Consider the below example

access_test_model, access_test_model, model_test_model, base.group_user,1,0,0,0


  • ‘id’ is indicating the external identifier.
  • ‘name’ is the name of ir.access.model
  • model_id/id refers to the model to which the access right applies. The standard way to refer to the model is model_<model_name>, where <model_name> is the _name of the model with the ‘.’ replaced by _. Seems cumbersome? Indeed it is…
  • group_id/id refers to the group to which the access right applies to.
  • perm_read,perm_write,perm_create,perm_unlink: read, write, create and unlink permissions

Finally, need to add this ir.model.access.csv file to the __manifest__.py file.

'data': [


Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park
Kakkancherry, Calicut
Kerala, India - 673635



Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,
Infopark, Kakkanad,
Kochi, India - 682030.



Cybrosys Techno Solutions
The Estate, 8th Floor,
Dickenson Road,
Bangalore, India - 560042

Send Us A Message