Setting up appropriate access rights for each user in Odoo is a crucial part of system configuration. However, access management can become challenging, especially when dealing with a large number of users. A module that replicates the company structure through roles can significantly simplify this process.
The User Roles module facilitates structured access management by allowing to define roles that align closely with the company's hierarchy. Each role is assigned specific access groups, ensuring that users with the role can navigate the system efficiently while maintaining access only to the necessary functionalities.
Configuration
Once installed, the module introduces a Roles sub-menu under Users & Companies in the Settings page. This section provides a list of all created roles. Selecting a role opens its detailed form view, which includes:
- Role Name
- Associated Access Groups
- Users Assigned to the Role
- Internal Notes
Creating a New Role
To create a new role, click the “New” button, which opens a form view. While the Name field is the only mandatory input, assigning appropriate Access Groups is necessary for the role to be functional. Once configured, the role can be assigned to users.
Roles can be assigned in two ways:
- From the User’s Form View: Navigate to the
Roles tab and select the desired roles. Each assigned role can have a specified validity period with a start and end date. - From the Role’s Form View: Use the
Users tab to assign multiple users to a role.
Only users with the Administration: Access Rights privilege can manage roles.
How the Functionality Works
When a role is assigned to a user, the user automatically inherit all associated access groups. Additional access groups cannot be manually added to users who have assigned roles. This ensures strict adherence to the defined access structure.
If a user has multiple roles, the access group with the highest level of privileges takes precedence. For example, if:
- Salesperson role includes
Inventory: User access - Inventory Manager role includes
Inventory: Administrator access
A user assigned both roles will have Inventory: Administrator access, as it holds a higher level of access.
To view the active access groups for a user, go to the Access Rights tab next to the Roles tab in the user's form view.
Company-Specific Roles
For organizations using multi-company mode, the User Roles by Company extension module can be useful, as it introduces role assignment per company.
The key feature for the module are:
- Adds a Company field in the Roles tab of the Users view.
- If no company is specified, the role applies to all companies the user has access to.
- A Company can be assigned to a Role only if it is in the User’s Allowed Companies list.
- When multiple companies are selected as active for the user, only roles applicable to all selected companies remain active.
Final Thoughts
By structuring user access management through roles, organizations can efficiently manage permissions across multiple users while maintaining clarity and control over access rights. This approach simplifies administration and ensures a clear overview of user privileges.
The User Roles module is actively maintained by the Odoo Community Association (OCA), with the latest available version being 18.0.1.0.2.