Odoo includes built-in access control mechanisms. A user will only be able to use the features he was granted access to. This means that the Library features we created are not accessible by users. The admin
user can because it is a special case; the access control mechanisms don't apply to it.
The access control is based on Groups. A security Group
is given access to Models, and this will determine the menu items available to the users belonging to that Group. For more fine-grained control, we can also give access to specific Menu Items, Views, Fields, and even data records (with Record Rules).
The security Groups are also organized around apps, and usually each app provides at least two Groups: User, capable of performing the daily tasks, and Manager, able to perform all configurations for that app.
We cover this topic in more detail in Chapter 5, Import, Export, and Module Data, but will give a short introduction to it here, so that our users can use the Library app.
Let's create a new security Group. In the Settings
top menu, navigate to Users & Companies
| Groups
. Create a new record using the following values:
- Application: Type
Library
, and select theCreate "Library"
option in the popup - Name:
User
- Inherited tab: Add the item
Employees / Employee:
>
The Library app is not available yet in the Application selection list, so we added it directly from the Group form.
We also made it "inherit" the Employee
Group. This means that members of this Group will also be made members of the inherited Groups (recursively), effectively having the permissions granted to all of them. Employee
is the basic access Group, and app security Groups usually inherit it.
Now we can grant access to specific Models to the Library / User
Group. We can use the Access Rights
tab of the Groups
form for this. Add an item there, using these values:
- Object: select
Library Book
from the list - Read, Write, Create and Delete Access: Checked
- Name:
Library Book User Access
The Name attribute is just informative but is mandatory. The Model access can also be managed from the Technical
| Security
| Access Control List
menu item.
We don't need to add access to the Partner
model because we inherit the Employees
Group that already has access to it.
We can now try this new security group on a user. If you are using an Odoo instance with demo data installed, you should have the Demo
User
that we can use for this. If not, no problem, you can create or use an existing user. The point here is to not use the admin user, since it has special security privileges and bypasses access control.
Select the Users & Companies
| Users
menu item and edit the Demo
form:U
ser
In the Access Rights
tab, in Application Accesses
section, we should see a Library
option, where we can select the User
security group. Select it, save, log out from the Administrator account, and log in with the demo
user (the default password is demo
).
If everything was done correctly, you should be able to see the Library top menu, and use it to add books and authors.