When we add a new data model, we must specify who may create,
read, edit, and remove records. When we develop a new app, we
must define a new user group. If we do not have access rights,
Odoo will not display our menus or views.
We can add as many users as we need in Odoo, and only the user
has access to the database. We may also decide what type of
information the user has access to by assigning access rights.
Odoo offers two key data-driven methodologies for regulating
or restricting data access. Both are assigned to certain users
via groups. A user can belong to any number of groups, and the
security mechanism is linked to groups, allowing security
mechanisms to be applied to users.
Let us now build a security directory on the module and add
the ir.model.access.csv file to it.
Scenarios are
Everyone can see every record.
Admins are the new group of users. They can read, create,
delete, and update the records
Setting Access Rights
Consider the following procedures to create access rights:
1. Create a file security > groups.xml
<record id="new_user_group" model="res.groups">
<field name="name">user</field>
<field name="users" eval="[(4, ref(base.group_user'))]"/>
</record>
2. Add file security> ir.model.access.csv
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_visa_application_user,access.visa.application.user,model_visa_application,base.group_user,1,1,1,1
3. Add the files into the __manifest__.py
'data':[
'security/ir.model.access.csv',
'security/groups.xml',
],