By facilitating real-time information flow between all core business functions, enterprise resource planning (ERP) systems can save enterprises both time and money. However, the increased use of web and portal technologies and their growing connections to critical infrastructures, add a new set of high-risk targets for both outside hackers and insider threats.
One of the means of protecting one's system with Odoo is assigning roles and specifically tailor each user's access to every object, page, record, and even fields through the use of groups and access rights settings.
Users can belong, and often do belong, to more than one group and once a user is assigned to a group then they have all the permissions and options that are associated with that group.
To be able to understand the concepts used by Odoo, you need to fathom how they're distinguished:
Users:
A user is what we would call a physical representation of a person identified in the system by their login and password to access the system. A user can be an employee but not all employees can be users. By default, a user doesn't have access rights and they are assigned to one or more groups to gain certain access rights in order to perform some actions.
User Groups:
A group gives, determines, and sets certain access rights and record rules to users on different objects. An object/resource in the system contains access controls that you can grant to groups such as the following:
Access rights:
They are rules that define a user's access on a particular object (remember that adding a right to an object grants the right to all records of that specific object unless the set record rules state otherwise).
Record rules:
Records in an object are filtered according to the set record rules. They are like access filters that limit record access in an object for users according to the group. It's like a condition which the records must satisfy in order to be accessed; otherwise, they are filtered.
Odoo supports real access control at the field level too, as well as menu accesses. All of the above are things that vary with their flexibility of use and application as well as dynamics.
A nice thing about Odoo is the fact that they created such flexibility in order for the user and developer to not feel restricted and be able to craft their own security and accessibility rules. It's an awesome thing for many people like us partners, customers as well, to get entangled in and explore the intricate web of security development but for some other users, it's time-consuming.
To cut the time short and to solve that, Odoo has an open door for partners and users to create sets and modules related to security and access rights and make them available for those in need of them. Customization, as always, can be endless and every partner is unique in what they offer for their clients and on the App store.
We, Smart Way Business Solutions have created a set that fits the needs of most customers. There are too many customizations from where that came from and any request can be tailored according to every need individually, so don't be shy! Bring the requirements on!
Meet SWBS' Security-Pack!
SW - Import & Export Privileges
Allow/deny the action of export/import on certain work tables/models and specify privileged users with the ability to perform export/import actions on all models.
SW - Login Attempts Log
Secure your system against brute-force attacks and keystroke login programs and Protect users' privacy and sensitive data with the ability to limit user logins from certain locations (IP Addresses).
SW - Employee Payslip Access
Maintain employees' privacy by letting them access their payslips on Odoo's Payroll in read-only.
SW - SO Approvals Group
Add a level of approval obtained by a set group of specific users listed in the quotation upon creation in order to print/confirm it thereafter.
SW - Scrap Operations Approval
A new authentication level added under a new group to grant the ability to approve scrap operations.
SW - SO Privileged Confirm & Unlock
Gain the ability to set certain employees with the ability to confirm & unlock SOs.
