Odoo Server (MOVED TO GITHUB)

Fine grain access rule

Asked by OpenBMS JSC

Is it possible to define the fine grain access rule to record level, i.e. a particular user might be able to access certain records of a table/model while other users cannot (kind of data partitioning)? If this is possible, how it could be achieved? An example is highly appreciated.

Question information

Language:
English Edit question
Status:
Solved
For:
Odoo Server (MOVED TO GITHUB) Edit question
Assignee:
No assignee Edit question
Solved by:
Riken Bhorania (OpenERP)
Solved:
Last query:
Last reply:
Revision history for this message
Raphaël Valyi - http://www.akretion.com (rvalyi) said : 		#1

Yes, this is what access rules are for (as opposed to the static access
control lists), see Admin>Security>Rules

On Fri, Feb 4, 2011 at 4:59 AM, Phong Nguyen <
<email address hidden>> wrote:

> New question #144052 on OpenERP Server:
> https://answers.launchpad.net/openobject-server/+question/144052
>
> Is it possible to define the fine grain access rule to record level, i.e. a
> particular user might be able to access certain records of a table/model
> while other users cannot (kind of data partitioning)? If this is possible,
> how it could be achieved? An example is highly appreciated.
>
> --
> You received this question notification because you are a member of
> OpenERP Committers, which is an answer contact for OpenERP Server.
>

Revision history for this message
Best Riken Bhorania (OpenERP) (rch-openerp) said : 		#2

yes, it is possible to define the fine grain access rule to record level in OpenERP v6.

This type of access rule is called "Record Rule" in OpenERP and it can be defined from the menu : Administration/Security/Record Rules in v6.

There are three main fields that you need to configure carefully in order to define "Record Rule"
1. Object : on which you want to apply record rule. (in this example it is "Task" object)
2. Domain: Setup domain for filtering the data
3. Groups: Add group for which you want to apply this record rule. if nothing to add then this rule is apply globally which is usually used to configuring multi-company record rule.

I am going to explain such access rule by taking the example of "Task" object of OpenERP.

In my example, suppose my requirement is like this:

The user 'rch' can access only list of tasks of following kind...
1. list of all tasks which is not assigned to any user. i.e.('user_id','=',False)
2. list of all tasks Which is assigned to user 'rch'. i.e.('user_id','=',user.id)
1. list of all tasks of all the project's for which he is a member of. i.e.('project_id.members','in', [user.id])
2. list of all tasks of the project for which he is a project manager. i.e.('project_id.user_id','=',user.id)

Configure your record rule as follow:

1. Name: Tasks According to User and Project
2. Object: Task
3. Domain: ['|','|','|',('user_id','=',False),('user_id','=',user.id),('project_id.members','in', [user.id]),('project_id.user_id','=',user.id)]
4. Groups: project/User

Now add this group (project/User) to user 'rch'.

You can open the list of task using menu : Project/Project/Tasks in OpenERP v6.

Hope this will help you.

Revision history for this message
Ferdinand (office-chricar) said : 		#3

thanks for clarifing this
IMHO it would be nice to get a widget similar to "filter" to compose and edit domains in general

Revision history for this message
OpenBMS JSC (openbmsjsc) said : 		#4

Riken, thank you very much for very detailed explanations and example.

Revision history for this message
OpenBMS JSC (openbmsjsc) said : 		#5

Thanks Riken Bhorania (Open ERP), that solved my question.

Revision history for this message
pritesh (pritesh-modi24) said : 		#6

Hello

I am adding here some thing more in Fine grain access rule

 what is rule to be required to set for following scenario

1.rch can also access and see other project task which is assign to other project member of same project but can not edit it just read it.
   how can we achieve this by using record rule.

Thanks
pritesh