In this blog we will discuss about how you can manage users and access rights.

Users and user roles are critical points concerning internal security in Odoo. Odoo provides several security mechanisms concerning user roles, all implemented in the odoo Server. They are implemented at the lowest server level. Odoo distinguishes three different concepts:

  • User : A person identified by its login and password. Note that all employees of a company are not necessarily odoo users, the user is somebody who accesses the application.
  • Group : A group of users that has some access rights. A group gives its access rights to the users that belong to the group. Ex: Sales Manager, Advisor, etc.
  • Security Rule : A rule that defines the access rights a given group grants to its users. Security rules are attached to a given resource, for example, the Invoice model.

Security rules are attached to groups. Users are assigned to several groups. This gives users the rights that are attached to their groups. Therefore controlling user roles is done by managing user groups and adding or modifying security rules attached to those groups.

Odoo defines a user as someone who has access to a database to perform daily tasks. You can add as many users as you need and, in order to restrict the type of information each user can access, rules can be applied. Users and access rights can be added and changed at any point.

Add User : If you want to add a new user then go to the settings > Users & Companies > Users.

It will list all the existing users in the database. If you want to create a new user then click on the “Create Button”.  For reference you can see the screenshot below.

8OSA3bgdH X4rlyNyqR9RQpUjNi8hCuUQ7Vzq1gq0TiOfy j0zQ0JTzmNscK7fzaitRU7LqSbMvphiV3feTPO9cktJROC KF4wDIhoc2k7WzlkrmX5AOrmvVha5ezEaS9QrjfA p

When you click on the create button, you can see the new window will open. For reference you can see the screenshot below.

MrQ0VcWGqcq Nr sXucx50AEr1S0xMgNWGxV5ASq GKCWDc2aLnPW 2CFZkZ1NDkQDG5dyQgjEvw2Lm5bRxc1 TgCyiDumpeLkf ljjgprFlwovtO89380U1UWpXjaDj3wtd08Fo
JpKoIaiaQBbonEwxGVXOA39kAQxWBQCmEagAxCHasRKcEjYpavpo3Lo7o JlBiPFQ iDaM3 TQhx75rUxejReFSNCa7TDzP qeRXJ2 F2uyK eJBPSxBtiCjJdO0 pvqXijOe td

To review Access Groups enable developer mode , navigate to Settings and select Users & Companies > Groups

By activating developer mode, there will be an option for selecting the type of user.

F9nNF3bdhTyK0eiKJtnGixdee4W60mB0jzZDP viW95GheFg6A2LA8O H2Fz eJyv tRqrCu1oUQWrkDEYlJzKYFcXjo9vL0jXJLE 09 u3DUFO28s2GkghA5R6ZDnyoqrq8uX9

Here you can see there are three types of users.

Internal users can access the application, defining user access to each module.

Portal users are usually customers also we have portal access; They only get to see their documents.

Public users can access the website using a URL; limited access is available for this type of user.

Portal and public users do not allow you to choose access rights.

Now click on the preference tab. Under the Preferences tab, the language and the user’s time zone can be changed. All the currently functional languages will be listed in the language selection. For activating the new languages, go to Settings -> Translations -> Languages.


When you are done editing the page and have Saved it, an invitation email is automatically sent to the user. The user must click on it to accept the invitation and create a login.

fxqMZPKzD4zi xVMrizVSc 7GCQB7ktkt61T7h3rutIQdAj1YJwrk m8TNjlNCJeGj4sjg5op9ssg

Deactivate User : To deactivate the user, go to the setting > Users & Companies > Users. When you click like that you will be able to see all the listed users which are created. Select the user record that needs to be deactivated and click on the action Archive. For reference you can see the screenshot below.

DPGUVBsk7NLSyN18BUyCP PHLDv88NfiWwkwM ahWF9tKurPXvEn6VKa588sjpB89 Wrl2foFlZ3CzegviT s1NHKvfl JYI9NoLKBOjk8N sgVZcrzyXheywms2BszgMZS5TgCl
gmMgMQDyiRC1xCfomAHhlBUegAw0ynqDZZjuSvh4W JT5CyynOhpDYZZLXhWKhO7 6CNqKWsEUfh6SwsvWtICB3kREx 4vltPvqUfJGn5y CCwdO5G1vyBUy4MObWnCgfgPI w73

Select Divya Vijay as highlighted above and then click on that.

mduUct EwhQylfXCa vyD70DH5pXyvLlNPPzC1t2GEuZOrKi gq65WdEElIl4LsIa71TIi8BCyJwZjYtqYfslkcV3WP4ij8Zv HSvEPMAcxAhgoyBnYMsu0eTqBMhs1Jb2VmU b8

When you click on the “archive” the message window will popup. For reference you can see the screenshot below.

nhnzehXembIKOa4m2JPQ25JGvtazzPgfXymD gu yJTc0bNkQbGNuQJ1Xxq1UVshQRdXZBMCNHQ5hkGDWag7U2WOWJwsAs64ZXOB 8Ldlbj8zcUaIO31zSSh DDTF0X03uLmENuy

If you want to, then click on the “OK” button else you can cancel it.

Password reset from the login page : If you want to reset the password from the login page, enable Password Reset permission in general settings.

svfdG4ujaR rrlpY1qS7pacyROlAK2 u9WLwEXhs0TrTkfomm6dRmkGH2Rl4lABz5 nobCGqE5nB 3RXwK 8FzwfYZGeeLrzgm6oiIvP7Gy9tfotzAdMF6dv91g938og6bmH6bI
b0P4osb3CUeI41vRiqv9XgHikIDcy51 GndTYdQPYbLpLRTzdnXESQrNRMVHUkMlx2ktpduhUfJaKUdE3RsOQykwj6awQffkNBXtIHdy 4dSTVf02UhuhYAOzv2D

Then go to the user’s window, select a user and click on the Send Password Reset Instructions button. An email will be sent to the user with a password reset link.

Change Password : If you want to change the password for a user then select the user for changing a user’s password, then click on action on “Change Password”.

JFvaGE2d1WCZK9NC41 7KXwu0QGcohUhdQgZQGMg1BTRRgE1eiLsgUHqlPTHMrZHn0sc6FJv1xIiQIA22GqkCyslgg8gwRGvudiOu5wZFF

When you click on the “Change Password” new window will popup where you have to enter a new password. For reference you can see the screenshot below.

PPc3g22uBEtTmIcvhZE6E2KKlCdDhtT4KvMrs9 6zq3GkkyvLiVHEfQKLC9FofoD22aT8slmX8RLUzRae4vDioOsb3rhJz4IrfW1Rv2VTqGrpjw7GYcKWGojqC3gXr9CEhdBHMq0

Access Rights : Access rights are rules that define the access a user can have on a particular object . Those global rights are defined per document type or model. Rights follow the CRUD model: create, read (search), update (write), delete. For example, you can define rules on invoice creation. By default, adding a right to an object gives the right to all records of that specific object.

It is essential to have these rules to prevent confusion and ensure that the database is secure.

You can also set the custom access rights for new users from the general setting.

n9kvXaYquUcH6YYLwK 5 uHbzlx 31n7C0lkhv7LxkSjGX0T5xLvLJpKFXhXxwAGjSSIQRZtcBrKEELv WotAmBnxOiD9i93BD5ZbXVwxi OdjOSiKyuqHYV2Wg 3 X0YA 6z 4T

In the user’s form, we choose the group that defines the user access to specific applications. Let us know more about user groups.

Bb fOo5c5U2prbNG68RSGYnxUQQ0cZJIIq7WTneFfVdFU5Rz4UciIMaeWbtyqkqW3wula5jSiEz w2Xzwr Ufi 3F83fRtreHRkmicWz2mOtK4roCNlcRPTvVIauJE tjQjVJl8z

When you click on the groups, you can see all the listed groups which are already created. You can choose from them or you can create a new one. At that moment I am selecting the highlighted group. For reference you can see the screenshot below.

g8r8RZShAXaiSAcef H9 B4szxgkvS9LkPanAeFjnTuaGblylKdn2v8d2UJg51Tg3vLrBkQ4NpswYQSoJA0

Let’s check the Manufacturing/Administrator group. Users with administrative access rights are shown in the Users tab; you can also add a user to this group by clicking the add a line button; corresponding users’ access rights are updated on the user’s form. For reference you can see the screenshot below.

oPx4XLpg3T75cdtLI HrSCiOBs yW7Uyq6bgUr

Inherited means that the users added in this group are also added to the groups listed in the Inherited tab. Whenever a user is added to the manufacturing/Administrator group, he will also get added to the manufacturing/User: All Documents group. It means that the user will also have the all-access rights of the manufacturing/User: All Documents group. For reference you can see the screenshot below.

AvSpXIpfVokrSeuE25p86AXa9BqlTmw0ABwJKln9k1gsJbqVbt4VANkNj7UyhfR UabJ0lykBdFbtZ2Y2YYiEbA G18c7aYSKyCCn4y47lOz dX3PHsq91g4esqNPKcWbPnbTLhd

The Menus tab is where you define which menus (models) the user can have access to. 

XcgMJqlUo4k5by82KT1LBeOnNYy fSExFk1gz6WW0

Access Rights rules are the first level of rights. The field is composed of the object name, which is the technical name given to a model. For each model, enable the following options as appropriate:

Read : The values of that object can be only seen by the user.

Write : The values of that object can be edited by the user.

Create : The values for that object can be created by the user.

Delete : The values of that object can be deleted by the user.

fceyl irmQ46cFmLtRSD95QppjO6zHpNIFG5 5VU2hrkWqoHM1650rcQTYz8mgQqE4jncYI6af3mN0Oi0SErMGN9g 0TR8vvKZv9v54

Record Rules : When accessing an object, records are filtered based on record rules. Record rules or access filters are therefore filters that limit records of an object a group can access. A record rule is a condition that each record must satisfy to be created, read, updated (written) or deleted. Records that do not meet the constraints are filtered. For example, you can create a rule to limit a group in such a way that users of that group will see business opportunities in which he or she is flagged as the salesman. The rule can be salesman = connected_user. With that rule, only records respecting the rule will be displayed.

In the other words Record Rules are formed as a secondary layer of editing, which is used to overwrite or refine the rules. It’s written using the domain. A domain represents the list of conditions, which filter the record, and we can assign read, write, create and delete access on them.

I hope this information will help you to understand the workflow of users and access rights and through this you will also understand how you can manage users and access rights in Odoo V15.

Leave a Reply

Your email address will not be published. Required fields are marked *