Access Rights#
There are 5 levels of access rights: Model , Actions, Field, Button and Record Rule. They are based on the user’s group membership. If any of those levels are violated, an error is raised.
The access rights are checked if the Transaction.context
has the key _check_access
set to
True
(set by default by RPC.check_access
) and if the
user
is not root
.
Model#
They are defined by records of ir.model.access
which define for each couple
of model and group, the read
, write
, create
and delete
permission. The permissions are related to the
ModelStorage
methods with the same name and on
search()
using the read
permission.
If any group the user belongs to has the checked permission activated, then the user is granted this permission.
If there is no record for the model, then access is granted to all users.
Note
Relation fields for which the user has no read access are automatically removed from the views.
Actions#
Each ir.action
has a groups
field which contains a list of user groups
that are allowed to see and launch it.
There is a special case for wizard for which the read access on the model is also checked and also the write access if there is no groups linked.
Field#
They are defined by records of ir.model.field.access
and work like those
for Model but are applied to fields.
Note
Fields for which the user has no read access are automatically removed from the views.
Record Rule#
The record rules are conditions that records must meet for the user to be
granted permission to use them.
They are defined by records of ir.rule.group
which contains:
a model on which it applies
the permissions granted
a set of user groups to which the rule applies
a global flag to always enforce
a default flag to add to all users
a list of
ir.rule
with a domain to select the records to which the rule applies.
A rule group matches a record if the record is validated by at least one of the domains. The access is granted to a record:
if the user belongs to a group which has at least one matching rule group that has the permission,
or if there is a default matching rule group with the permission,
or if there is a global matching rule group with the permission.
Otherwise the access is denied if there is any matching rule group.
Note
Records for which the user has no read
access are filtered out from the
search()
result.