In this blog, we will be discussing how to add users and manage their access rights in Odoo.
In Odoo, the user is the one who has access to the database. We can add as many users as we want, and we can decide which type of information the user can access by giving access rights to them.
Add Users
For adding a new user, go to settings? Manage Users or setting -> Users & Companies -> Users. It will list all the existing users in the database, and to create a new one, click on the Create button.
In the user form, fill the needed information. A user can be set for multiple companies; also we can specify the default company of the user. Under the Access Rights tab, we can select a group on each application to specify the user access. The applications will be listed based on applications installed on the databases.
By activating developer mode, there will be an option for selecting the type of user.
Internal users can access the application, defining user access to each module.
Portal users are usually customers also we portal access; They only get to see theirs to documents.
Public users can access the website using a URL; limited access is available for this type of user.
Portal and public users do not allow you to choose access rights.
Under the Preferences tab, the language and the user’s time zone can be changed. All the currently functional languages will be listed in the language selection. For activating the new languages, go to Settings -> Translations -> Languages.
An invitation mail will be automatically sent to the user at the given email address by clicking the Save button. The user can accept the invitation and create login credentials through the link.
Deactivating User
Go to Settings -> Users & Companies -> Users. Select the user record that needs to be deactivated and click on Action -> Archive.
Password reset from the login page.
To reset the password directly from the login page, enable Password Reset permission in general settings.
Then go to the user’s window, select a user and click on the Send Password Reset Instructions button. An email will be sent to the user with a password reset link
Change Password
Select the user for changing a user’s password, then click on Action than on Change Password.
It will open a popup where you can enter the new password.
Access Rights
These rules are used to control user access to the Odoo database. It depicts what a user can do in the database. It is essential to have these rules to prevent confusion and ensure that the database is secure.
In the user’s form, we choose the group that defines the user access to specific applications. Let us know more about user groups.
Activate the developer mode, and go to Settings -> Users & Companies ? Groups. It shows the list of all existing user groups. Access rules to models within an application are defined in groups. It will define the user access on models, menus, views, etc. Users added to this group will follow these rules.
Let’s check the Sales/Administrator group. Users with administrative access rights are shown in the Users tab; you can also add a user to this group by clicking the add a line button; corresponding users’ access rights are updated on the user’s form.
Inherited means that the users added in this group are also added to the groups listed in the Inherited tab. Whenever a user is added to the sales/Administrator group, he will also get added to the Sales/User: All Documents group. It means that the user will also have the all-access rights of the Sales/User: All Documents group.
You can define the menus accessible to this user group in the Menus tab.
The rights for controlling each model in the various applications are defined under the Access Rights tab. It is defined model-wise; we can select a model and set read, write, create and delete access right to that model. The Name will display the technical name of the model.
Record Rules are formed as a secondary layer of editing, which is used to overwrite or refine the rules. It’s written using the domain. A domain represents the list of conditions, which filter the record, and we can assign read, write, create and delete access on them.
The security of databases is critical to prevent unauthorized access, to safeguard the database against unauthorized access with two-factor authentication and access rights.