The creation of record rules involves defining filters that determine access to records within an object. These rules, known as access filters, control the generation, reading, updating, or removal of records based on specific criteria. Record rules can either grant or restrict access to individual records for particular user groups.
Here's an example of creating a record rule:
<record id="school_student_rule" model="ir.rule">
<field name="name">Student Records</field>
<field name="model_id" ref="model_school_student"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('school_management.school_management_student'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
Breaking down the code:
- id: A unique identifier for the record.
- name: The user interface-visible name of the record.
- model_id: Specifies the model to which the record rule applies, using the reference format model_modelname. In this case, the model name is school_student, so the reference is model_school_student.
- domain_force: Defines the filtering criteria for the record rule.
- groups: Indicates the groups that will use this record rule, with the eval attribute using the (4, ...) syntax.
- perm_read, perm_write, perm_create, perm_unlink: Set permissions for read, write, create, and unlink operations. If eval is True, permission is granted; otherwise, it is denied.
To access record rules, enable the debug mode and navigate to "Settings -> Technical -> Record rules" in the user interface.