Odoo User Permissions

Since Odoo is an all-in-one business management software, this means that user access is paramount to regulating which users should have access to which sets of data. Let’s start by examining the different types of users in Odoo, followed by an overview of the permission levels in the most commonly used apps. We’ll also provide a quick example of how to define a role and translate it into Odoo.

What types of Users Exist in Odoo?

Odoo has three different types of users that define how they interact with the database:

1. An Internal user in Odoo is essentially a backend database user who interacts with the different modules within the ERP.
2. A Portal user is an account holder on your website who has access to their purchases, sales, invoices/bills, etc. This user holds historical transactional records that can be accessed from the website portal.
3. A Public user is an unregistered website visitor who can view public content available on your website.

Assigning user permissions in Odoo will first require a clear definition of the roles within your company. Each permission level in Odoo gives users limited or full access to specific modules or, in some cases, no access at all.

Different Permission Levels

A user record within Odoo allows you to manage a user’s access rights. However, only the Internal User will have permission levels you can select. This is because permission levels are only necessary for backend users.

Generally speaking, if you leave a permission set BLANK, a backend user won’t even be able to see the module when logging in. The lowest permission set is generally called USER, and this usually only allows a user to interact with the module in a basic way without having access to module-specific settings or configurations, or even reporting. The highest permission set, typically ADMINISTRATOR, has access to module-specific settings and configurations, as well as data reporting for all records in the module.

Module Specific Permissions

• Sales module
  • User: Own Documents Only: A sales user will only be able to sell orders where they are set as the salesperson
  • User: All Documents: This user will be able to see all sales orders, even ones where they are not set as the salesperson.
• Inventory module
  • User: Will be able to process transfers (receipts, internal transfers, deliveries), but will not be able to create or delete products, only view.
  • Administrator: Can create, modify, and delete products. Manage warehouse and product configurations, including routes, locations, reordering rules, and put-away rules.
• Settings module
  • Access Rights: This allows a user to create, modify, or archive users, but does not allow them to interact with any technical features or database settings.
  • Settings: This allows a user to have complete access to the database-specific configurations, mail servers, and other technical features to configure your database.

Technical Permissions

Now, if you enter Debug Mode, you will see a list of technical permissions that can also be selected.

Examples:

• Access to export feature: This permission allows a user to have the ability to export data from Odoo
• Analytic Accounting: Will give your user the ability to create analytic accounts and analytic groups.
• Analytic Accounting Tags: Will give your user the ability to create analytic tags
• Access to Private Addresses: Will give the user access to contact type PRIVATE ADDRESS, which are usually employee private addresses for payroll.

What are User Groups?

A USER GROUP represents a collection of users that share common access rights or permission sets in Odoo. You can use this to give multiple users access to the same permission set all at once, rather than having to update each user.

Access Rights, and Record Rules smart buttons

These tools manage how users interact with records and access within the database. To break it down even further, an Access Right determines what actions a user can execute in a specific module in Odoo. Like CREATE, READ, WRITE, and DELETE.

A Record Rule can restrict the sets of data a user can access or edit based on specific criteria.

Setting up a User depending on their Role

The first step is to describe in layman’s terms what you would like the user’s current role to be within the company. Then, outline their responsibilities and the system elements they shouldn’t be able to view or interact with.

This will also help you identify gaps, enabling you to define the role within the database better.

Role Description & Permissions

Role Description: I have three salespeople who should be able to create new customers and look up historical customer information. Since they earn commissions based on their sales, I don’t want them to be able to see each other’s sales orders. I would like them to be able to see inventory availability of what we have in stock and what will come into stock. However, they shouldn’t be able to create products; instead, they should only be able to create special products that we purchase on behalf of our customers.

I also want them to be able to automatically generate a PO for orders of items we don’t have in stock. However, I don’t want them to be able to edit these orders or view all our company’s purchases.

Defining the Important Parts

• Role: Sales
• Allowed:
  • Sales order creation
  • Contact creation
  • Contact’s Historical sales records
  • Inventory availability and forecast
  • Special Product Creation
  • Automatic PO Creation
• Not Allowed:
  • View other sales where they are not the designated salesperson
  • Manage, manually create, or edit POs

Role Translated to in Odoo Permissions

• Sales: set User: Own Documents Only

Explanation of the Permissions

So, you are probably wondering why I didn’t include PO or special product permissions. The simple answer is that special product creation is a feature only available through Steersman Odoo and is available to any sales user. The PO, on the other hand, simply requires the user to inform the system whether the product should be drop-shipped or picked up from the vendor source, which is managed by the shipping method set per product group for a company with retail locations. Again, another feature only available in Steersman Odoo.

Sales: Own Documents Only will prevent a sales user from seeing other salespeople’s sales documents. Prevent them from accessing reporting, high-level configurations, or data intended for managing your sales department. The nice thing about this is that with Odoo steersman customization, the salesperson does not have to leave the sales order to go to the product to find availability or forecasted quantities; this is immediately visible from the sales order itself. But even then, salespeople can access

Although the description contained a lot of information, the required permissions were relatively simple, as Steersman Odoo provides the necessary details to your sales team without the need for additional permission sets or customizations.

Test your User’s Permissions

Now that the permission set is ready, you can test the user permissions by opening a private browser and logging in as that user. This will let you walk into the backend and test what this user would be able to do and see.

Find out more about Steersman Odoo Features

• Unrouted Email Dashboard
• POS Style Sale Order Management: A Powerful Combination
• Steersman Advanced Pricing Engine for Large Catalogs in Odoo