Odoo18 General Readonly Access

by

Summary

The problem at hand is to provide a general readonly access to users in Odoo18 for modules that do not explicitly have a readonly access role. This requires understanding Odoo’s access rights system and determining if such an approach aligns with Odoo’s design structure.

Root Cause

The root cause of this issue is the lack of a default readonly access role in Odoo18 for certain modules. This leads to:

  • Inconsistent access control across different modules
  • Difficulty in managing user permissions for modules without explicit readonly roles
  • Potential security risks due to overly permissive access rights

Why This Happens in Real Systems

This issue occurs in real systems due to:

  • Incomplete module configuration: Modules might not be fully configured to include all necessary access roles
  • Custom module development: Custom modules may not follow the standard access control patterns of Odoo
  • Evolution of system requirements: Changing system requirements can lead to gaps in access control as new modules are added or existing ones are modified

Real-World Impact

The impact of not having a general readonly access includes:

  • Security vulnerabilities: Overly permissive access can lead to data breaches or unauthorized modifications
  • Data integrity issues: Inconsistent access control can result in data inconsistencies or loss
  • Compliance problems: Failure to meet access control standards can lead to compliance issues

Example or Code (if necessary and relevant)

# Example of how to create a custom access role in Odoo
from odoo import models, fields

class CustomAccessRole(models.Model):
    _name = 'custom.access.role'
    _description = 'Custom Access Role'

    name = fields.Char(string='Role Name')
    model_id = fields.Many2one('ir.model', string='Model')
    perm_read = fields.Boolean(string='Read Access')

How Senior Engineers Fix It

Senior engineers address this issue by:

  • Creating custom access roles: Developing custom roles to fill gaps in access control
  • Configuring module access: Ensuring all modules have appropriate access roles configured
  • Implementing role hierarchies: Establishing role hierarchies to simplify access control management
  • Regularly auditing access rights: Periodically reviewing and updating access rights to ensure they align with system requirements

Why Juniors Miss It

Junior engineers might overlook this issue due to:

  • Lack of experience with Odoo’s access rights system
  • Insufficient understanding of security and compliance requirements
  • Focus on functional requirements over access control
  • Limited knowledge of custom module development and configuration