Reputation: 614
Allow user to add new users only with his Allowed Companies and permissions
I want to make a Group that will allow its users to add new ones, but only with Allowed Companies and permissions that they themselves have. Currently group Administration/Access Rights does provide users with ability to create new users, but it does not restrict in any way permissions that they can assign.
I've tried modifying permissions for Access Rights group. I have found Record Rule for object Company in that group and I modified it like this:
[(1, '=', 1)]
changed to:
['|',('company_id','=',False),('company_id','child_of',[user.company_id.id])]
I basically copied it from the other rules restricting users to their own companies. But then when user with that group is trying to access any user it crashes and gives an error:
ValueError: Invalid field 'company_id' in leaf "<osv.ExtendedLeaf: ('company_id', '=', False) on res_company (ctx: )>"
I also moved both administration groups (Access Rights and Settings) to the different application - Extra Rights. That was the only way for me to restrict options that users can see. And that way if user have access to user editing he can not simply change anything in there (like give himself Setting permission. I really don't get it why Odoo choosed that behavior.
Steps to reproduce the problem: - Create multiple companies (for the sake of this example CompanyA, CompanyB, CompanyC) - Add user with group Administration / Access Rights and assign him to some of the companies (not all of them - for example only Company A and B)
Current behavior: User with given group is able to modify Allowed Companies field (for all the users) and add companies that he does not have access to - in this example he can extend his Allowed Companies with CompanyC.
Expected behavior: User with given group is able modify Allowed Companies field of all the users but is not able to assign Allowed Companies that he himself doesn't have.
Upvotes: 0
Views: 943
Answers (1)
Reputation: 726
You can add domain to allowed companies so user with that group only can access allowed company field or you can modify record rule. Check this link found similar question
Upvotes: 2
Related Questions
- Filter Contact Records based on user's allowed companies in multi-companies
- Override create method to Restrict user from creating a new record based on condition Odoo13
- Update res users form based on default company in odoo14
- odoo security restrict company from opening general setting
- Odoo restrict regular user
- How to restrict access to partners by create_uid
- Limit products to company assigned to user in multi-company Odoo 9
- Multi Company Restriction in Odoo 9
- Odoo v8: How to limit user access to contacts
- How to tag Users to Company?