Odoo 12 Development Essentials
上QQ阅读APP看书,第一时间看更新

Configuring access control security

Odoo includes built-in access control mechanisms. A user will only be able to use the features he was granted access to. This means that the library features we created are not accessible by regular users, even the admin user.

Changes in Odoo 12
The admin user is now subject to access control like all other users. In previous Odoo versions, the admin user was special, and bypassed security rules. This is no longer true, and we need to grant access privileges to be able to access Model data.

The central pieces for access security are the security groups, where the access rules are defined. Access for each user will depend on the groups he belongs to. For our project, we will create a to-do user group, to be assigned to the users we want to have access to this feature.

We give a group read or write access to particular Models using ACL. For our project, we need to add read and write access to the newly created to-do item model.

Furthermore, we can also set access rules for the record ranges users can access in a particular Model. For our project, we want the To-do Items to be private for each user, so to-do users should only be able to access the records created by themselves. This is done using the security record rules.