Access Rights
When adding a new data model, you need to define who can create, read, update and
delete records. When we are creating an app, this can involve defining a new user
group. If a user doesn't have any access rights, the odoo will not display your
menus and views.
In Odoo, the user is the one who has access to the database. We can add as many
users as we want, and we can decide which type of information the user can access
by giving access rights to them.
Apart from utilizing custom code to limit access, Odoo has two main data-driven
approaches for regulating or restricting data access. Through groups, both systems
are linked to specific users: A user can belong to as many groups as they want,
and security mechanisms are associated with groups; therefore, security mechanisms
are applied to users.
For this, we can create a security directory on the module and add the
ir.model.access.csv file to that.
There are such scenarios.
- Everyone will be able to see all the records
- A new group of users called admins have to create, read, update, and delete the
records.
Setting Access Rights
Follow the following steps to create access rights.
1. Create a file security > groups.xml
<record id="group_hr_payroll_community_user" model="res.groups">
<field name="name">Administrator</field>
<field name="users" eval="[(4, ref('hr.group_hr_user'))]"/>
</record>
2. Add a file security> ir.model.access.csv
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_hospital_patient,access.hospital.patient,model_hospital_patient,,1,1,1,1
3. Add the files into the __manifest__.py
'data': [
'security/ir.model.access.csv',
'security/group.xml',
'views/patient.xml',
],