When introducing a new data model in Odoo, it's essential to define
who has the permissions to create, read, update, and delete records.
Additionally, when developing a new app, creating a dedicated user
group is necessary. Without proper access rights assigned, Odoo will
hide the corresponding menus and views from users.
Odoo allows you to add as many users as needed, with each user
granted access to the database based on assigned permissions. Access
to specific data can be controlled by configuring user access
rights.
To manage data visibility and control, Odoo provides two main
data-driven security mechanisms: Access Rights and Record Rules.
These are assigned to users through user groups. Since a user can
belong to multiple groups, the security settings associated with
those groups collectively determine the user’s permissions within
the system.
Let us now build a security directory on the module and add the
ir.model.access.csv file to it.
Scenarios are
- Everyone can see every record.
- Admins are the new group of users. They can read, create,
delete, and update the records.
Setting Access Rights
Consider the following procedures to create access rights:
1. Create a file security –> groups.xml
<record id="new_user_group" model="res.groups">
<field name="name">user</field>
<field name="users" eval="[(4, ref('base.group_user'))]"/>
</record>
2. Add file security –> ir.model.access.csv
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_visa_application_user,access.visa.application.user,model_visa_application,base.group_user,1,1,1,1
3. Add the files into the __manifest__.py
'data': [
'security/groups.xml',
'security/ir.model.access.csv',
],