Security groups
Access control is based on groups. A security group is given access to Models, and this will determine the menu items available to the users belonging to that group. For more fine-grained control, we can also give access to specific menu Items, views, fields, and even data records (with Record Rules).
The security groups are also organized around apps, and typically each app provides at least two groups: Users, capable of performing the daily tasks, and Manager, able to perform all configurations for that app.
Let's create a new security group. In the Settings top menu, navigate to Users & Companies | Groups. Create a new record using the following values:
- Application: Leave empty
- Name: To-do User
- Inherited tab: Add the User types / Internal User item
This is how it should look like:
The to-do app is not available yet in the Application selection list, so we added it directly from the Group form.
We also made it inherit the Internal User group. This means that members of this group will also be made members of the Inherited groups (recursively), effectively having the permissions granted to all of them. Internal User is the basic access group, and app security groups usually inherit it.
Before Odoo 12, the Internal User group was called Employee. This was just a cosmetic change, and the technical identifier (XML Id) is still the same as in previous versions: base.group_user.