Odoo is a powerful business management tool, but with great power comes great responsibility – especially when it comes to data security. In a multi-user environment, managing user access and permissions is crucial to ensure only the right people have access to the right information. This blog post will guide you through the essential steps of user access control in the latest version of Odoo, Odoo 17.
Understanding the Tools: Groups and User Roles
Odoo manages user access through a system of roles and permissions. Administrators can create new users and assign them roles that grant access to specific applications and data within the system. These permissions can be customized to restrict the type of information each user can view, edit, or delete, ensuring data security and user accountability. Users and their access rights can be easily added and modified at any time to adapt to changing needs within the organization.
Odoo utilizes a two-pronged approach to access control: Groups and User Roles.
Groups: These are application-specific permission sets. Odoo comes pre-loaded with various groups for common tasks within each module (e.g., Sales Manager, Inventory User). You can customize these groups or create new ones to define specific permissions for models within an application (activate developer mode for this functionality).
User Roles: These are assigned to individual users and determine their overall access level within the system. Each user role is assigned one or more groups, and a user with that role receives the permissions associated with those groups. Odoo provides default user roles like Administrator and User, but you can create custom roles for more granular control.
Creating a Secure System: A Step-by-Step Guide
Odoo's access rights system, built on user roles and groups, empowers administrators to define what content and applications each user can interact with. This granular control ensures that users only have the permissions necessary for their tasks, minimizing the risk of unauthorized modifications or deletions. By granting access rights judiciously, you can safeguard your valuable business data and maintain data integrity.
Only an administrator can change access rights.
User access rights are assigned during user creation within the Odoo database. However, these permissions are not set in stone. You can easily adjust them at any point by editing the user's profile, ensuring their access remains aligned with their evolving responsibilities.
Odoo's groups streamline permission management by bundling common access rights for specific applications. Administrators can leverage pre-built groups and customize them, or create entirely new ones. This granular approach allows for defining permissions for individual models within an application, ensuring efficient user access control for large teams.
To set suitable access rights for users in your system, follow these steps:
Define User Roles: Identify the different user types within your organization and the level of access they require. For example, a Sales Representative might need access to create and edit quotations, while a Warehouse Worker might only need to view inventory levels.
Customize Groups (Optional): If Odoo’s pre-built groups don’t perfectly match your needs, customize existing groups or create new ones with the specific permissions required for each user role.
Assign User Roles: Create user accounts and assign them the appropriate user role based on their responsibilities. This grants them the permissions associated with the assigned groups.
Multi-Company Access (Optional): If your Odoo instance manages multiple companies, configure user access for each company. A user can have different access levels for different companies.
Pro Tip: It's good practice to follow the principle of least privilege. Grant users only the minimum level of access they need to perform their tasks effectively.
Creating Secure Users with Defined Permissions
Odoo 17 streamlines user creation with the ability to define access rights directly during the process. Here's how to create new users and assign them appropriate permissions:
Navigate to Users: Go to the Settings app and navigate to the "Users & Companies" section.
Create New User: Click the "Create" button to initiate the user creation process.
User Information: Fill out the user's details like name, email, and login.
Assign User Role: Here's where you define access rights. Select the pre-configured user role that best matches the user's responsibilities. This automatically assigns the groups associated with that role, granting the user the corresponding permissions.
Company Access (Optional): If you manage multiple companies, choose the companies the user will have access to. You can define different access levels for each company.
Additional Options (Optional): Odoo offers options to set a password expiration date, language preference, and internal notes.
Create User: Once satisfied with the configuration, click "Save" to create the user with their designated access rights.
Pro Tip: Utilize custom user roles for granular control. If a pre-built role doesn't perfectly match your needs, consider creating a custom role with specific groups assigned. This ensures users have the exact permissions required for their tasks.
By creating users and setting their access rights during the creation process, you can ensure a secure system from the very beginning. This reduces the need for later modifications and streamlines user onboarding with clearly defined permissions.
Building Custom Access Levels: Creating New Groups and Setting Permissions
Odoo's pre-defined groups offer a solid foundation, but sometimes you need more granular control. Here's how to create new groups and define their access rights in Odoo 17:
Important Note: Creating and modifying groups requires activating Odoo's developer mode. Consult your Odoo documentation for specific instructions on activating developer mode.
Navigate to Groups: Within the Settings app, go to the "Users & Companies" section and select "Groups."
Create New Group: Click the "Create" button to begin the group creation process.
Group Details: Fill out the group information:
Name: Choose a descriptive name that reflects the group's purpose (e.g., "Inventory Specialists").
Application: Select the application this group will have access to (e.g., Sales, Inventory).
Define Access Rights: This is where you configure the specific permissions for this group. Expand the "Access Rights" section. You'll see a list of models (data structures) within the chosen application.
Model Permissions: For each model, you can define four permission levels:
Read: Allows users to view existing records.
Create: Allows users to create new records.
Write: Allows users to edit existing records.
Delete: Allows users to delete records.
Checkboxes: Select the appropriate checkboxes for each model to grant the desired access level for this group.
Save the Group: Once you've configured the access rights for each relevant model, click "Save" to create the new group with its defined permissions.
Advanced Tip: Utilize the "Menu Access" tab (available for some applications) to further restrict access to specific menus and functionalities within the application for this group.
By creating custom groups and defining their access rights, you can tailor permissions to your specific needs. This allows you to create user roles with highly granular control, ensuring each user has the exact level of access required for their job.
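The four checkboxes above are stored per group and per model, and a user who belongs to several groups receives the union of what each group grants. The following Python sketch is an added example, not part of the original post or of Odoo's code: it reads access rows in the column layout of an Odoo `ir.model.access.csv` file (where `perm_unlink` is the Delete checkbox), computes each user's effective rights, and reports anything beyond what the job requires. All group, model and user names, and the `REQUIRED` table, are hypothetical sample data.

```python
import csv
import io

# Constructed sample in the column layout of an Odoo ir.model.access.csv file;
# every group, model and user name below is hypothetical.
ACCESS_CSV = """id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
a1,quant.specialist,model_stock_quant,group_inventory_specialist,1,1,0,0
a2,picking.specialist,model_stock_picking,group_inventory_specialist,1,1,1,0
a3,quant.viewer,model_stock_quant,group_warehouse_viewer,1,0,0,0
a4,picking.cleanup,model_stock_picking,group_stock_cleanup,1,0,0,1
"""
USER_GROUPS = {  # constructed user-to-group assignments
    "warehouse.worker": ["group_warehouse_viewer"],
    "inventory.lead": ["group_inventory_specialist", "group_stock_cleanup"],
}
REQUIRED = {  # constructed statement of what each job actually needs
    "warehouse.worker": {"model_stock_quant": {"read"}},
    "inventory.lead": {"model_stock_quant": {"read", "write"},
                       "model_stock_picking": {"read", "write", "create"}},
}
PERMS = {"perm_read": "read", "perm_write": "write",
         "perm_create": "create", "perm_unlink": "delete"}


def load_access(csv_text):
    """Return {group: {model: {permissions}}} from ir.model.access rows."""
    rights = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        granted = {name for col, name in PERMS.items() if row[col] == "1"}
        by_model = rights.setdefault(row["group_id:id"], {})
        by_model.setdefault(row["model_id:id"], set()).update(granted)
    return rights


def effective_rights(user, rights):
    """Access rights are additive: union over every group the user holds."""
    merged = {}
    for group in USER_GROUPS[user]:
        for model, perms in rights.get(group, {}).items():
            merged.setdefault(model, set()).update(perms)
    return merged


def excess_rights(user, rights):
    """Permissions the user holds beyond what REQUIRED lists for the job."""
    needed = REQUIRED.get(user, {})
    held = effective_rights(user, rights)
    extra = {m: p - needed.get(m, set()) for m, p in held.items()}
    return {m: p for m, p in extra.items() if p}
```

Here the second group assigned to `inventory.lead` quietly adds Delete on pickings, which neither group's name suggests when reviewed on its own.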
Additional Considerations
Restrict Administrator Permissions: While administrators have full access, consider limiting administrator accounts to system configuration and avoid using them for regular day-to-day tasks.
Leverage User Tags (Optional): Odoo 17 introduces User Tags, which can be used for further access control within applications.
Third-Party Modules: Some third-party Odoo modules might come with their own permission settings. Ensure these are configured according to your security needs.
Remember: Odoo recommends consulting an Odoo specialist before making significant changes to user access controls, especially for complex setups.
By following these steps and best practices, you can ensure your Odoo system is secure and user access is properly controlled. This helps safeguard your valuable business data and foster a culture of data security within your organization.