|
2 | 2 | Restricted administration rights |
3 | 3 | ================================== |
4 | 4 |
|
| 5 | +Description |
| 6 | +============ |
| 7 | +Using this module, you can restrict access to changing some settings of third-party modules. |
| 8 | + |
| 9 | +This module should be used with other modules that support access groups such as CRM, Sales and etc. |
| 10 | + |
| 11 | +The module makes impossible for administrator to set (or see) more access rights (access groups) than he already has. |
| 12 | + |
| 13 | +It also using for restrict changes to certain settings for specific users, who should be prevented from making important changes without the knowledge of the superuser. |
| 14 | + |
| 15 | +The only partial exception if user is already a member of the **'Allow add implied groups from settings'** security group. This user is allowed to escalate his privileges but just from Settings menus. |
| 16 | + |
| 17 | +Sure, it doesn't affect to superuser rights. |
| 18 | + |
5 | 19 | Installation |
6 | 20 | ============ |
7 | 21 |
|
8 | | -* `Install <https://odoo-development.readthedocs.io/en/latest/odoo/usage/install-module.html>`__ this module in a usual way |
| 22 | +* `Install <https://odoo-development.readthedocs.io/en/latest/odoo/usage/install-module.html>`__ this module in a usual way. |
9 | 23 |
|
10 | 24 | Configuration |
11 | 25 | ============= |
12 | 26 |
|
13 | | -* By default all users except a superuser restricted to escalate the privileges |
14 | | -* There is only one configuration option this module provides. Under superuser open menu ``[[ Settings ]] >> Users & Companies >> Users`` |
15 | | -* In ``Access Rights`` tab you can select 'Allow add implied groups from settings' - |
16 | | - to allow some users to configure modules by means of ``group_XXX`` fields from ``Settings`` menus |
| 27 | +- IMPORTANT NOTE: |
| 28 | + By default all users except a superuser restricted to escalate the privileges |
| 29 | + |
| 30 | + |
| 31 | +There is only one configuration option this module provides: |
| 32 | + |
| 33 | +1. Under superuser open ``[[ Settings ]] >> Users & Companies >> Users`` and select user's profile |
| 34 | +2. In ``Access Rights`` tab you can select **'Allow add implied groups from settings'** |
| 35 | +3. It allows some users to configure modules from ``[[ Settings ]]`` menus by means of boolean fields which **Field** value starts from **group_...**. (This info is displayed when hovering over the option name if developer tools is enabled) |
17 | 36 |
|
18 | 37 | Usage |
19 | 38 | ===== |
20 | 39 |
|
21 | | -Let's take ``Sales (sale_management)`` module as an example. |
| 40 | +Let's take a few examples. |
| 41 | + |
| 42 | +**In the first case:** we have installed this module and **Sales module** ``(sale_management)`` from ``[[ Apps ]]``. |
| 43 | + |
| 44 | +**Without this module installed:** |
| 45 | + |
| 46 | +- Say you have a user with administration rights ``"Administration: Access Rights"``. This user thus may increase his own rights in ``"Access Rights > Sales"`` from ``"Sales: User: Own Documents Only"`` to ``"Sales: Administrator"``. |
| 47 | + |
| 48 | +**With this module installed:** |
| 49 | + |
| 50 | +- The user from previous example cannot increase his privileges. There is no ``Sales: Administrator`` option for him, and also no ``Customer Addresses`` option in module configuration |
| 51 | + |
| 52 | +The only exception is done for users who are in special group **'Allow add implied groups from settings'** they may select ``"Customer Addresses"`` from ``[[ Sales ]]`` module ``Configuration >> Settings`` menu |
| 53 | + |
| 54 | + |
| 55 | +================= |
| 56 | + |
| 57 | + |
| 58 | +**In another case:** we have also installed this module and also **CRM module**. |
22 | 59 |
|
23 | | -Without this module installed: |
| 60 | +* In the screenshot. the user has an access right to the settings panel from his account. (``Administration: Settings``), but is not a member of the **'Allow add implied groups from settings'** access group so it is forbidden for him to set some checkboxes in the **CRM** tab. |
24 | 61 |
|
25 | | -* Say you have a user with administration rights ``Administration: Access Rights``. This user thus may increase his own rights in ``Application Accesses`` from ``Sales: User: Own Documents Only`` |
26 | | - to ``Sales: Administrator``. Also he can open menu ``[[ Sales ]] >> Configuration >> Settings`` and select ``Customer Addresses`` there |
27 | | - and then click ``[Apply]`` button (adding ``group_sale_delivery_address``) |
| 62 | +.. image:: access_restricted_screenshot.png |
28 | 63 |
|
29 | | -With this module installed: |
| 64 | +* If we give him access by adding to this group, the user will have access to make changes in forbidden fields. |
30 | 65 |
|
31 | | -* The user from previous example cannot increase his privileges. There is no ``Sales: Manager`` option for him, and also no ``Customer Addresses`` |
32 | | - option in module configuration |
33 | | -* The only exception is done for users who are in special group 'Allow add implied groups from settings' - if your user is included in this group by the superuser then you may select |
34 | | - ``Customer Addresses`` from ``Sale`` module ``Configuration >> Settings`` menu |
|
0 commit comments