Groups
In Odoo, the user is the one who has access to the database. We can add as many
users as we want, and we can decide which type of information the user can access
by giving access rights to them.
Apart from utilizing custom code to limit access, Odoo has two main data-driven
approaches for regulating or restricting data access. Both mechanisms are linked
to specific users via groups: a user can be a member of any number of groups, and
security mechanisms are associated with groups, allowing security mechanisms to
be applied to specific users.
This is accomplished through the use of security groups. The administrator has both
a security group and a salesperson. Based on the security groups, we can design
record rules. In Odoo, we can also assign security groups to menus or fields, which
will display the menu or field for that security group.
All security-related files are under the security folder, we can create a new file
on the security for adding the group and also that will added on to the __manifest__.py
'data': ['security/ir.model.access.csv', 'security/security.xml'],
XML code for adding the security group
<record id="school_management_student" model="res.groups">
<field name="name">Student</field>
<field name="category_id" ref="school_management.school_management_accesss"/>
</record>
id: id of the record that is unique for each record and also that
will stored on the res_group table.
name: name of the record. It is a human readable name, and this
name is seen on the user interface.
When creating the user’s group, we only mention the name of the security group and
the category_id to which they belong. We have to create the category to give the
id of the category.
<record model="ir.module.category" id="school_management_accesss">
<field name="name">School Management</field>
</record>
The id of the category will be mentioned on the group's category_id. Under this
category, the security groups are visible.
We can see the security group on the UI
Go to Settings > Users & Companies > Groups
Also that we can see on the Settings > Users & Companies > Users > Access Rights
Hide/View menu based on Groups
In Odoo, menus and buttons play an important role in user experience. It is possible
to hide and show menu and buttons based on user groups. Let’s see this with an example.
We all are familiar with header tag in a form. Most of the buttons will be defined
inside this header tag. It is possible to add groups for a header tag or for single
buttons.
Consider a user group group_education_organisation_user which is used for a module
education_organisation. Hence the group can be referred as
education_organisation.group_education_organisation_user.
Below is the code to show the whole header section for a specific user.
<header groups="education_organisation.group_education_organisation_user">
//add button here
</header>
Below is the example to show button only for specified user group.
<button groups="education_organisation.group_education_organisation_user" name="get_top_score_students"
string="Get Top Score Students" class="oe_highlight" type="object"/>
Now let’s see the case of menu items. The normal definition of a menuitem is as follows.
<menuitem id="res_config_settings_menu"
parent="config_menu"
name="Settings" sequence="10"
action="education_organisation.res_config_settings_menu_action"/>
In most cases the Settings menu will be only shown for some user groups. Same groups
attribute can be used to achieve this. Specify the user group for the groups attribute.
<menuitem id="res_config_settings_menu"
parent="config_menu"
name="Settings" sequence="10"
action="dev_book.res_config_settings_menu_action"
groups="education_organisation.group_education_organisation_user"/>
It is also possible to specify more than one user group. Add all user groups category for
the groups attribute separated by commas.
<menuitem id="res_config_settings_menu"
parent="config_menu"
name="Settings" sequence="10"
action="dev_book.res_config_settings_menu_action"
groups="education_organisation.group_education_organisation_admin,education_organisation.group_education_organisation_user"/>