So my goal is to have group of users that are able to add new users but they should not have other admin privelages.

The way I want to solve it is by having group with permissions to only add users and another group with all the admin right. For this to be scure I need to prevent users in the first group from editing users in the second group.

I have module with this code:

<record model="ir.ui.view" id="view_user_readonly" >
    <field name="name">res.users.form.readonly</field>
    <field name="model">res.users</field>
    <field name="inherit_id" ref="base.view_users_form"/>
    <field name="arch" type="xml">
        <xpath expr="//field[@name='login']" position="attributes">
            <attribute name="readonly">True</attribute>
        </xpath>
    </field>
</record>

And it sets field to read only for all the users. I would like to change is so that it is readonly when the user we are trying to edit have the group base.group_system and we don't.

I tried adding code based on anwsers from the forum like this:

<record model="ir.ui.view" id="view_user_readonly" >
    <field name="name">res.users.form.readonly</field>
    <field name="model">res.users</field>
    <field name="inherit_id" ref="base.view_users_form"/>
    <field name="arch" type="xml">
        <xpath expr="//field[@name='login']" position="attributes">
            <attribute name="readonly">True</attribute>
        </xpath>
    </field>
</record>

<record model="ir.ui.view" id="view_user_readonly_settings">
    <field name="name">res.users.form.readonly.settings</field>
    <field name="model">res.users</field>
    <field name="inherit_id" ref="custom_user_fields.view_user_readonly" />
    <field name="groups_id" eval="[(6, 0, [ref('base.group_system')])]"/>
    <field name="arch" type="xml">
        <xpath expr="//field[@name='login']" position="attributes">
            <attribute name="readonly">False</attribute>
        </xpath>
    </field>
</record>

But it does not work as intended. It restrict everyone without "base.group_system" from editing and I need to allow other users to edit this field in some cases (for example while creating new users). Or if it is possible - set this field to readonly only when user we are editing have "base.group_system" and we don't.