Allow users to change their own data

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Contabilidad
Inventario
PoS
Project
MRP

All apps

Todas las publicaciones Personas Insignias

Etiquetas (Ver todo)

odoo accounting v14 pos v15

Acerca de este foro

Ayuda

Allow users to change their own data

configuration hr

3 Respuestas

210 Vistas

David Preuss

I have a problem in understanding access rights in Odoo 18 Community. Following is the situation:

I have users that are linked to employees. I want the users to be able to change their own private data for example the emergency contact.

When activating the option in the employee settings menue, and checking with a test user, I found a few things that I do not understand.

1. The employee can also edit their department, approver etc. which is a bit weird as this is not "their" data.

2. I also saw that the user can change the company details which also seems weird as I don't want a normal employee being able to change contact details or VAT numbers, address of the company (which I guess is related to the standard data that has write permissions for internal users.)

My question is:

What am I misunderstanding or doing wrong possibly?
If the behavior is as expected (which I can't seriously believe), how can I restrict access to company details (I tried already removing write access on standard data which did not yield a result) and give write access to own data, basically the tab private information in the users profile but not the work related information?

Thank you for your help

David

Gon Garcia

Mejor respuesta

Hello! until a better answer arrives, I'd suggest checking the permisions at Settings - General settings - "Manage Users"

through there you can edit "USERS", which is not the same as employees and Contacts.
to give them more or less permissons to edit, you need to check your users and groups access rights.

Those are a bit tricky. I'd suggest having a look at:
https://www.odoo.com/documentation/18.0/applications/general/users/access_rights.html

Cybrosys Techno Solutions Pvt.Ltd

Hi,

Why employees can edit department, approvers, and company data

* When you give an employee’s user permission to edit their own record, Odoo applies the general “write” rights on the hr.employee model.

* By default, this model has no distinction between private information (emergency contact, bank account, etc.) and work-related information (department, manager, job position). Both are just fields of the same model. That’s why users suddenly see and can edit fields you don’t want them to.

* The same applies to the res.company model: internal users often get write access by default to company contact details, which is why normal employees can change company VAT, phone number, or address.

How to solve it

To achieve your requirement (employees edit their private data, but not work/company details), you need to refine access control:

1- Record Rules:

Create a rule so that employees can only see/write their own employee record (['|',('user_id','=',user.id),('address_home_id.user_id','=',user.id)]).

2- Field-level security (requires customization):

In Odoo Community, you can’t natively restrict editing certain fields only. That feature (field-level ACLs) is more present in Enterprise + Studio. In Community, the workaround is to hide or readonly fields with groups in views.

Example: make the “Department”, “Manager”, “Company” fields attrs="{'readonly': [('id','!=',user.employee_id.id)]}" or restrict with groups_id.

3- Remove company write access:

Go to Settings → Technical → Security → Access Control Lists and adjust permissions on the res.company model so normal employees don’t have write rights. Usually, only “Settings” users should be able to edit company info.

You’re not doing anything wrong, it’s just that Odoo 18 CE doesn’t separate private vs work fields in the hr.employee model. To fix it, you’ll need to add a record rule limiting employees to their own record and adjust views/security groups so they can edit only private fields while company and work-related fields stay read-only.

Hope it helps.

David Preuss

Autor

Dear Gon,

thanks for the advice. This is basically the route that I have taken before.

The Test User has no rights except his own ones in the profile. Yet he is able to change the mentioned data. The individual access rights and record rules in the groups setting have not been touched by me so far.

Thanks a lot anyway for the URL to the documentation.

¿Le interesa esta conversación? ¡Participe en ella!

Cree una cuenta para poder utilizar funciones exclusivas e interactuar con la comunidad.

Registrarse

Publicaciones relacionadas	Respuestas	Vistas
I can't find hr_payroll in addons when I install Odoo 18 locally Resuelto configuration hr	1 abr 25	903
Automating Attendance Correction by Manager configuration hr	0 nov 24	896
Managing default users' permissions v16 - v18 configuration hr service	0 abr 25	17
Linking employees to user accounts Resuelto configuration accounting hr	1 mar 25	1348
@%JɆ₮฿ⱠɄɆ@#@Ø₣ł₵ł₦₳@#¿Cómo llamar a JetBlue desde República Dominicana? configuration	0 sept 25	8

Se marcó esta pregunta

¿Le interesa esta conversación? ¡Participe en ella!