In the standard Odoo CE 12 Accounting, there are 3 primary roles for access right. Prior version of Odoo may used different terms for the following roles:
1) Billing - lowest level, who are assigned to do invoicing and payment (eg, Customer invoice, Vendor bill, Payment and Credit Notes).
Technical ID = account.group_account_invoice
2) Billing Manager - mid level, apart from invoicing and payment, will also access to some financial reports and configuration.
Technical ID = account.group_account_manager
3) Accountant - highest level, with full access to the Accounting module.
Technical ID = account.group_account_user
Click "Like" at the bottom of this blog, to motivate us to continue sharing more Odoo tips.
Accounting access is the most sensitive and critical in any company, and each company has its own organization team, department and access control.
As such, Odoo has the flexibility to customize the access right, with the following:
a) Menu Access
By controlling the visibility of the menu, the user will not be able to access it.
Example below is to allow the access for payment to only Accountant, in the view.
<record id="account.menu_action_account_payments_payable" model="ir.ui.menu"> <field name="groups_id" eval="[(6,0, [ref('account.group_account_user')])]"/> </record>
Alternatively, you can go to the Technical -> Menu Item.
Search for the menu name, eg, Payment, then add the group that allowed to access the menu.
b) Field Level and Button Access
By controlling the visibility of the button or field, the user will not be able to access it.
Example below is to allow the Invoice Cancel button to be visible to only Accountant/Billing Manager.
<record id="invoice_form_cancel_inherit_goexcel" model="ir.ui.view">
<field name="name">invoice.form.cancel.inherit.goexcel</field>
<field name="model">account.invoice</field>
<field name="inherit_id" ref="account.invoice_form"/>
<field name="arch" type="xml">
<xpath expr="//button[@name='action_invoice_cancel']" position="attributes">
<attribute name="groups">account.group_account_manager,account.group_account_user</attribute>
</xpath>
</field>
</record>c) Record Level Access
You may control that salesperson can only see his/her invoices, or in the customer portal, customer will only view his/her invoices or Billing user only see his/her invoices.
You may view this blog for the details.
d) Python Code
The last option is always the python codes.
Example below is to restrict only Accountant/Billing Manager can change the account code in the Account Invoice line.
@api.one
def _set_access_for_account_code(self):
if self.env['res.users'].has_group('account.group_account_manager') or self.env['res.users'].has_group('account.group_account_user'):
self.account_id_readonly = False
else:
self.account_id_readonly = True
account_id_readonly = fields.Boolean(compute="_set_access_for_account_code")In the Account Invoice Form.
<xpath expr="//field[@name='account_id']" position="attributes">
<attribute name="groups"/>
<attribute name="attrs">{'readonly':[('account_id_readonly','=',True)]}</attribute>
</xpath>Click "Like" at the bottom of this blog, to motivate us to continue sharing more Odoo tips.
Comments