Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Security in odoo

547 vues

Publié le

Security is a major concern when an application is considered.
We can control what user can do and what user can't-do on a different level.
Control independently each of the four basic operations: read, write, create, and unlink.

Publié dans : Business
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Security in odoo

  1. 1. www.cybrosys.com Security in Odoo
  2. 2. INTRODUCTION • Security is a major concern when an application is considered. • We can control what user can do and what user can't-do on a different level. • Control independently each of the four basic operations: read, write, create, and unlink. • I.e. allow only read, allow only create, grant permission to create or delete only. • Also, we can hide fields or menus for some users and show them for others, make fields read-only for some users and make them editable for others. We use groups to control users.
  3. 3. • How to assign users to groups? • Security access in Odoo is configured through security groups: permissions are given to groups and then groups are assigned to users.
  4. 4. • Go to Settings > Groups
  5. 5. • Odoo has a lot of groups. Once you know about groups, • you can select groups from list of groups as shown in above figure. • For example, let examine Inventory/Manager. • You can select this group by scrolling down.
  6. 6. • Here you can see, you can add as many as users under Users tab so that only that users can view Inventory.
  7. 7.  Security mechanisms in Odoo • Aside from manually managing access using custom code, Odoo provides two main data-driven mechanisms to manage or restrict access to data. • Both mechanisms are linked to specific users through groups: a user belongs to any number of groups, and security mechanisms are associated with groups, thus applying security mechanisms to users.
  8. 8. • Access Control • In Odoo, views and menus are restricted to a user due to access right permission. Only admin has right to view all records. Access right permission is managed by creating an ir.model.access.csv file.
  9. 9. • This file can • a) Grant permission like read, write, update, and delete to a model. • • b) Can assign groups. If no group is assigned access right is applicable for all users. Else applicable only for users in that particular group • • Access controls are additive, for example, if the user belongs to one group which allows writing and another which allows deleting, they can both write and delete.
  10. 10. • Access rights
  11. 11. • To Create Access Control List in Odoo without custom code below is the process • The Access control lists determine the general permissions (read, write, create, delete) on each object. By default, the superuser has all permissions on all objects.
  12. 12. If admin provide right to users then Go to  Settings > Technical > Security > Access Controls List • Record Rules • Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. It is applied record-by-record after access control has been applied.
  13. 13. • A record rule has  a model  a set of permissions to which it applies  a set of user groups to which the rule applies, if no group is specified the rule is global  a domain used to check whether a given record matches the rule (and is accessible) or does not (and is not accessible).
  14. 14. • Field Access:- • The field can have groups attribute providing a list of groups. If the current user is not in listed groups, he will not have access to the field. • <button name=”toggle_active” type=”object” groups=”hr.group_hr_user” • <fiels name=”name”/> <field name=”company_id” group=”base.group_multi_company”
  15. 15. • Workflow Transition rules Workflow transitions can be restricted to a particular user.  Go to- Settings -> Workflow -> Transitions
  16. 16.  A Transition has: - Source Activity: which specify starting state of transition - Destination Activity: which specify ending state of transition - Signal(Button Name): which specify activity name - Condition: which is used to check if workflow instance progresses through the transition or not - Group Required: which specify the group.
  17. 17. Refer this link for more: https://www.cybrosys.com/blog/security-in-odoo
  18. 18. Thank You ! Cybrosys Technologies Pvt. Ltd. Neospace, Kinfra Techno Park, Kakkancherry, Calicut University P.O. Calicut Kerala, India - 673635. Cybrosys Ltd 15, ST Antonys Road, Forest Gate, London England, E79QA. Cybrosys Technologies Pvt. Ltd. 1st Floor, Thapasya Building, Infopark, Kakkanad, Kochi, Kerala, India-682030.