SoFunction
Updated on 2025-03-02

How to implement field access control in Odoo

In Odoo, access control of fields can be implemented in several ways, including model security rules, record rules, and field properties.

1. Use model security rules

Model security rules (also known as access control lists, ACLs) let you define which user groups can perform create, read, update, and delete (CRUD) operations on which models. While this does not control fields directly, it provides the basis for controlling field access.

Example:

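<!-- Add to the security rules XML file; the id and name values are placeholders -->
<record id="access_your_model_your_group" model="ir.model.access">
    <field name="name">access.your.model.your.group</field>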
    <field name="model_id" ref="model_your_model"/>
    <field name="group_id" ref="your_module.group_your_group"/>
    <field name="perm_read">1</field>
    <field name="perm_create">0</field>
    <field name="perm_write">1</field>
    <field name="perm_unlink">0</field>
</record>
  • id: A unique identifier for the rule.
  • model: Specifies which model the rule applies to.
  • group_id: Specifies which user group is affected by this rule.
  • perm_read: Whether to allow read operations.
  • perm_create: Whether to allow create operations.
  • perm_write: Whether to allow write operations.
  • perm_unlink: Whether to allow delete operations.

2. Use record rules

Record rules allow more fine-grained control over which records members of a specific user group can access. Indirect access control for specific fields can be achieved by combining model security rules with record rules.

Example:

<!-- The id value is a placeholder -->
<record id="rule_your_model_your_group" model="ir.rule">
    <field name="name">Your Model Rule</field>
    <field name="model_id" ref="model_your_model"/>
    <field name="domain_force">[('field_name', '=', 'specific_value')]</field>
    <field name="groups" eval="[(4, ref('your_module.group_your_group'))]"/>
</record>
  • domain_force: Defines the applicable conditions of the rule, that is, the rule applies only when the record meets this domain condition.
  • groups: Specifies which user group is affected by this rule.

3. Use field properties for access control

Field properties set in the model definition give direct access control over individual fields. The commonly used field properties are readonly and groups.

Example:

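from odoo import models, fields


class YourModel(models.Model):
    # Placeholder model name, matching ref="model_your_model" in the XML above
    _name = 'your.model'
    _description = 'Your Model Description'

    # The Char field type is an assumption; any field type accepts groups and readonly
    name = fields.Char(string='Name')
    sensitive_info = fields.Char(string='Sensitive Info', groups='your_module.group_your_group', readonly=True)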
  • groups: Specifies that only users belonging to a specific user group can access this field. In this example, only users who belong to your_module.group_your_group can see the sensitive_info field.
  • readonly: Specifies whether the field is read-only. In this example, even if the user can see the sensitive_info field, they cannot modify it.
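
An added example, not part of the original article: a static check built on Python's ast module that lists the groups and readonly settings of every field in a model's source and flags fields protected by readonly alone. Odoo's field documentation describes readonly as affecting only the UI, while groups is enforced by the ORM, so a flagged field is neither hidden from other users nor write-protected on the server. The internal_note field, the sample source and the function names are assumptions made for illustration.

```python
import ast

# Constructed sample: the article's model plus one assumed field (internal_note).
SAMPLE = '''
from odoo import models, fields

class YourModel(models.Model):
    _name = 'your.model'
    name = fields.Char(string='Name')
    sensitive_info = fields.Char(string='Sensitive Info',
                                 groups='your_module.group_your_group', readonly=True)
    internal_note = fields.Text(string='Internal Note', readonly=True)
'''

def field_access(source):
    """Map (class, field) -> {'groups', 'readonly'} for every fields.X(...) assignment."""
    result = {}
    classes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)]
    for cls in classes:
        for stmt in cls.body:
            if not (isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Call)):
                continue
            func = stmt.value.func
            if not (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                    and func.value.id == 'fields'):
                continue  # not a call of the form fields.Something(...)
            kw = {k.arg: k.value for k in stmt.value.keywords if k.arg}
            groups, readonly = kw.get('groups'), kw.get('readonly')
            info = {
                'groups': groups.value if isinstance(groups, ast.Constant) else None,
                'readonly': isinstance(readonly, ast.Constant) and readonly.value is True,
            }
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    result[(cls.name, target.id)] = info
    return result

def readonly_only(source):
    """Fields that rely on readonly=True with no groups restriction."""
    return sorted(name for (_, name), info in field_access(source).items()
                  if info['readonly'] and info['groups'] is None)

if __name__ == '__main__':
    for (cls, name), info in field_access(SAMPLE).items():
        print(f"{cls}.{name}: groups={info['groups']} readonly={info['readonly']}")
    print('readonly without groups:', readonly_only(SAMPLE))
```

Fields reported by readonly_only need a groups restriction, a model ACL, or a server-side check in write() if they must not be changed by ordinary users.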
