Access Rights
When adding a new data model, you need to define who can create, read, update and delete
records. When we are creating an app, this can involve defining a new user group. If a
user doesn't have any access rights, the odoo will not display your menus and views.
In Odoo, the user is the one who has access to the database. We can add as many users as
we want, and we can decide which type of information the user can access by giving
access rights to them.
Apart from utilizing custom code to limit access, Odoo has two main data-driven
approaches for regulating or restricting data access. Both mechanisms are tied to
specific users via groups: A user can be a member of any number of groups, and security
mechanisms are related to groups, allowing security mechanisms to be applied to users.
For this, we can create a security directory on the module and add the
ir.model.access.csv file to that.
There are such scenarios
- Everyone will be able to see all the records
- A new group of users called admins have to create, read, update, and delete the
records.
Setting Access Right
Follows the following steps to create access right
1. Create a file security > groups.xml
<record id="new_user_group" model="res.groups">
<field name="name">user</field>
<field name="users" eval="[(4, ref(base.group_user'))]"/>
</record>
2. Add a file security> ir.model.access.csv
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_record_id,access.record.id,model_record,,1,1,1,1
3. Add the files into the __manifest__.py
'data': [
'security/ir.model.access.csv',
'security/group.xml',
],