OpenERP ver 7 - explaination for Security.xml

Question

<?xml version="1.0" ?>
<openerp>
    <data>
        <record model="ir.module.category" id="module_lunch_category">
            <field name="name">Lunch</field>
            <field name="description">Helps you handle your lunch needs, if you are a manager you will be able to create new products, cashmoves and to confirm or cancel orders.</field>
            <field name="sequence">16</field>
        </record>
        <record id="group_lunch_user" model="res.groups">
            <field name="name">User</field>
            <field name="category_id" ref="module_lunch_category"/>
        </record>
        <record id="group_lunch_manager" model="res.groups">
            <field name="name">Manager</field>
            <field name="implied_ids" eval="[(4, ref('group_lunch_user'))]"/>
            <field name="category_id" ref="module_lunch_category"/>
            <field name="users" eval="[(4, ref('base.user_root'))]"/>
        </record>
    </data>
</openerp>

I'm now stuck with security handling to my application.its code shows here

I refer documentation also for clarify the above xml code. but i'm not get good explanation for version 7 in documentation.i need to clarify below sections. please advice me to get clear idea about it

Please explain

ir.module.category means.?

<record model="ir.module.category" id="module_lunch_category">

model="res.groups" means.?

<record id="group_lunch_user" model="res.groups">

need to clarify whole below line

<field name="implied_ids" eval="[(4, ref('group_lunch_user'))]"/>

Answer 1

You can also refer Base, Sale, Account, Purchase, Manufacturing, Stock ... modules in OpenERP, for your reference. They all are well-maintained in respect of security.

Answer 2

1. <record model="ir.module.category" id="module_lunch_category">

This used to create category by your application name like purchase,warehouse, or your own module. For like particular group belong to this module, it is just a name of your moudle Like your module name bpl then you create a BPL in ir.module.category.

2. <record id="group_lunch_user" model="res.groups">

This is used to create group for this application, like you create user and you want to give access to this user of your application , then you add this group to your user.

Example for security reason you want to give some menu, some fields access by different user wise, so you create groups. Like you create "USER" and MANAGER group.

<record model="res.groups" id="group_bpl_manager">
            <field name="name">Manager</field>
        </record>


<record model="res.groups" id="group_bpl_user">
            <field name="name">User</field>
        </record>

These two groups created by you, in manager group have access to all menus and all fields, but user group have limited access, so which user you want to give full access you assign manger group and limited access then you assign user group to that user.

3.<field name="implied_ids" eval="[(4, ref('group_lunch_user'))]"/>

As define in Users of this group automatically inherit those groups means when you assign this group to any user it automatically also access all the group given in this field implied_ids.

Example for BPL Manager group when you assign to some user, you also want to assing many other group to that user when you assing this group, then you add many other groups to this group in "Inherited" implied_ids fields