Premium Video: Become an OdooClass.com subscriber to view the video below.

Understanding Field Level Access Rights in Odoo


This video is for those that need more security than standard roles and group security can provide. Learn how to configure field level access rights.

Video Length: 35 minutes Subscription only

Subscription Options

Understanding Odoo's basic security access rights

Please notice the associated videos below on managing users and group permissions in Odoo as  prerequisite to this video on field specific pemissions.
We begin the video by providing a basic review of how Odoo assigns access rights at the model level and how you can also use record rules to restrict recordings within models to specific groups of users. While this provides a great deal of power, there are times in which you need to restrict access to certain fields within records.

Customizing views to restrict fields to specific user groups

One of the most powerful features of Odoo is the ability for it to easily adapt to the processes of a wide variety of business operations. Businesses have specific requirements that often relate to security and what fields they would like individual employees to have access to.
Remember when managing users and groups in Odoo that all permissions are assigned at the group level... and then you put users into those groups. If you wish to assign user specific permissions that is typically not a good idea as it goes against Odoo's basic framework. You are better off creating a group for that user and putting the user in that group.

Once again, a real world example from Odoo Class

In this video we use a real world example. With great regularity as an ERP / Odoo consultant we are asked to hide information in HR systems from clerks and temporary employees that may assist the HR department. In this real example we demonstrate how to restrict permissions of identification and passport information so only HR managers can see that information instead of anyone in the HR department.
Learn permissions inside and out with Odoo Class's video subscription. If after watching this video you still have questions on user field level access please let us know. We want to make sure that access rights on the model, records and the fields are clear to all our subscribers.

Restrict temporary or part-time workers from data they do not need to see.

In many instances companies find themselves with some positions in which employees need access to some information on a view in Odoo but it is not necessary or even desireable to see all of the information in the record that perhaps management or administrators need to see. Odoo (formally OpenERP) must provide views that allow all of the necessary information to be collected.  In this video on Odoo access rights we specically focus on a common example in which you simply don't want some users of the system to see data that is sensitive... yet you still want them to be able to access other fields on that same view / form.

It makes the system easier to use and the forms less cluttered

When there are unnecessary fields on a forrm it makes it that much harder for users to concentrate on the information that is important. Does the person entering 200 tickets an hour need to see every last field on the view or would it be better to set them up a group so they see only the information they need to complete the task? 

It's important to learn all aspects of Odoo's access rights before configuring Odoo for production

In now several decades of consulting on ERP systems and of course Odoo it is not unusual to see attempts to install and configure Odoo without having a clear understanding of exactly how users, groups, access rights, record rules, and other components of Odoo's framework fit together to allow permissions to various models in the system. Part of the reason for this is that Odoo is very easy to install and setup and it does a great job of hiding a lot of the complex access rights. Much like the importance of clearly understanding the accounting & finance aspects of Odoo it is critical that anyone performing Odoo integrations have a clear grasp of user access rights and permissions. 

If I don't need users to see a given field would it be better to just remove it from the form entirely?

No. This is a bad idea because Odoo may have processes and other depencencies that are expecting that field to be available on the form. If you strip out the field it may break another view that is inheriting from that form and could in fact create problems in your database that would require steps to recover from. Instead it is better to restrict the fields using groups like we do in the video or alternatively if you need to hide the field for all users then use the invisible attribute to hide the field entirely. It is better to hide or restrict the field than to ever remove it from a view.