Access Rights:
1. Access Rights define what actions users can perform on records (e.g., read, write, create, delete) within specific modules.
2. Each user is assigned a role, and each role is associated with specific access rights.
3. Access Rights can be set at the model level (for all records of a specific model) or at the record level (for individual records).
Users inherit access rights from their assigned roles.
Record Rules:
1. Record Rules define the conditions under which users can access or manipulate records in the database.
2. Record Rules are used to enforce row-level security by filtering records based on specified criteria.
3. They can restrict access to records based on user roles, groups, or other attributes.
4. Record Rules can be defined using domain expressions, which specify the conditions that records must satisfy to be accessible to users.
Here's an example to illustrate how Access Rights and Record Rules work in Odoo:
Let's consider a simple scenario where we have an Odoo module for managing employee records, including personal information such as salary details.
Access Rights:
1. We define different roles for users such as "HR Manager," "HR Officer," and "Employee."
2. The "HR Manager" role has full access rights (read, write, create, delete) to all employee records.
3. The "HR Officer" role has read and write access to employee records but cannot delete them.
4. The "Employee" role has read-only access to their own employee record but cannot view or modify other employees' records.
Record Rules:
1. We define a record rule for the "Employee" role to restrict access to employee records based on the logged-in user.
2. The record rule filters employee records based on the user's ID, allowing them to access only their own record.
3. This ensures that employees can view and update their own information but cannot access or modify records belonging to other employees.
Comments
Post a Comment