Security is a major concern when an application is considered.
We can control what user can do and what user can't-do on a different level.
Control independently each of the four basic operations: read, write, create, and unlink.
• Security is a major concern when an application is considered.
• We can control what user can do and what user can't-do on a different level.
• Control independently each of the four basic operations: read, write, create, and
• I.e. allow only read, allow only create, grant permission to create or delete only.
• Also, we can hide fields or menus for some users and show them for others, make
fields read-only for some users and make them editable for others. We use groups to
• How to assign users to groups?
• Security access in Odoo is configured through security groups: permissions are given to groups
and then groups are assigned to users.
• Odoo has a lot of groups. Once you know about groups,
• you can select groups from list of groups as shown in above figure.
• For example, let examine Inventory/Manager.
• You can select this group by scrolling down.
• Here you can see, you can add as many as users under Users tab so that only that users
can view Inventory.
Security mechanisms in Odoo
• Aside from manually managing access using custom code, Odoo provides two main
data-driven mechanisms to manage or restrict access to data.
• Both mechanisms are linked to specific users through groups: a user belongs to any
number of groups, and security mechanisms are associated with groups, thus
applying security mechanisms to users.
• Access Control
• In Odoo, views and menus are restricted to a user due to access right permission. Only
admin has right to view all records. Access right permission is managed by creating an
• This file can
• a) Grant permission like read, write, update, and delete to a model.
• b) Can assign groups. If no group is assigned access right is applicable for all users.
Else applicable only for users in that particular group
• Access controls are additive, for example, if the user belongs to one group which
allows writing and another which allows deleting, they can both write and delete.
• To Create Access Control List in Odoo without custom code below is the process
• The Access control lists determine the general permissions (read, write, create, delete) on
each object. By default, the superuser has all permissions on all objects.
If admin provide right to users then Go to
Settings > Technical > Security > Access Controls List
• Record Rules
• Record rules are conditions that records must satisfy for an operation (create, read,
update or delete) to be allowed. It is applied record-by-record after access control has
• A record rule has
a set of permissions to which it applies
a set of user groups to which the rule applies, if no group is specified the rule is global
a domain used to check whether a given record matches the rule (and is accessible) or
does not (and is not accessible).
• Field Access:-
• The field can have groups attribute providing a list of groups. If the current user is not in listed
groups, he will not have access to the field.
• <button name=”toggle_active” type=”object” groups=”hr.group_hr_user”
• <fiels name=”name”/> <field name=”company_id” group=”base.group_multi_company”
• Workflow Transition rules
Workflow transitions can be restricted to a particular user.
Go to- Settings -> Workflow -> Transitions
A Transition has:
- Source Activity: which specify starting state of transition
- Destination Activity: which specify ending state of transition
- Signal(Button Name): which specify activity name
- Condition: which is used to check if workflow instance progresses through the transition or
- Group Required: which specify the group.
Refer this link for more:
Thank You !
Cybrosys Technologies Pvt. Ltd.
Neospace, Kinfra Techno Park,
Calicut University P.O.
Kerala, India - 673635.
15, ST Antonys Road,
Forest Gate, London
Cybrosys Technologies Pvt. Ltd.
1st Floor, Thapasya Building,