Understanding Field Level Access Rights in Odoo
This video is for those that need more security than standard roles and group security can provide. Learn how to configure field level access rights.
Understanding Odoo's basic security access rights
Customizing views to restrict fields to specific user groups
Once again, a real world example from Odoo Class
Why would I want to have field level access control in Odoo?
Restrict temporary or part-time workers from data they do not need to see.
In many instances companies find themselves with some positions in which employees need access to some information on a view in Odoo but it is not necessary or even desireable to see all of the information in the record that perhaps management or administrators need to see. Odoo (formally OpenERP) must provide views that allow all of the necessary information to be collected. In this video on Odoo access rights we specically focus on a common example in which you simply don't want some users of the system to see data that is sensitive... yet you still want them to be able to access other fields on that same view / form.
It makes the system easier to use and the forms less cluttered
When there are unnecessary fields on a forrm it makes it that much harder for users to concentrate on the information that is important. Does the person entering 200 tickets an hour need to see every last field on the view or would it be better to set them up a group so they see only the information they need to complete the task?
It's important to learn all aspects of Odoo's access rights before configuring Odoo for production
In now several decades of consulting on ERP systems and of course Odoo it is not unusual to see attempts to install and configure Odoo without having a clear understanding of exactly how users, groups, access rights, record rules, and other components of Odoo's framework fit together to allow permissions to various models in the system. Part of the reason for this is that Odoo is very easy to install and setup and it does a great job of hiding a lot of the complex access rights. Much like the importance of clearly understanding the accounting & finance aspects of Odoo it is critical that anyone performing Odoo integrations have a clear grasp of user access rights and permissions.
Why should I use groups to restrict access rather than removing the fields?
If I don't need users to see a given field would it be better to just remove it from the form entirely?
No. This is a bad idea because Odoo may have processes and other depencencies that are expecting that field to be available on the form. If you strip out the field it may break another view that is inheriting from that form and could in fact create problems in your database that would require steps to recover from. Instead it is better to restrict the fields using groups like we do in the video or alternatively if you need to hide the field for all users then use the invisible attribute to hide the field entirely. It is better to hide or restrict the field than to ever remove it from a view.