How to Implement Record Rules vs. Access Rights in Odoo?

How to Implement Record Rules vs. Access Rights in Odoo?

Understanding of Record Rules vs. Access Rights in Odoo

✅ What’s the Difference?

Feature	Access Rights	Record Rules
Scope	Model-level (create, read, write, delete)	Record-level (row-level access control)
Where Defined	ir.model.access.csv or UI (Settings > Technical > Security > Access Controls)	In UI (Settings > Technical > Security > Record Rules)
What It Controls	If a user can access a model	Which records the user can access
Enforced On	ORM operations	ORM filters & queries

📌 Real Use Case 1: Sales User should not delete Sale Orders

✅ Access Right Setup:

In ir.model.access.csv for model sale.order:

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink

sales_order_user,sales_order_user,model_sale_order,sales_team.group_sale_user,1,1,1,0

📌 Real Use Case 2: User should only see their own customers

✅ Record Rule Setup:

Model: res.partner

[(‘user_id’, ‘=’, user.id)]

🧪 Realistic Combined Scenario

Imagine you have a project.task model:

Access Right gives the user rights to read/write.
Record Rule restricts visibility to only tasks in projects where the user is a member.

Example Rule:

[(‘project_id.user_ids’, ‘in’, [user.id])]

This ensures that:

✅ Summary Table

⚠️ Best Practices