
Adding access control security

To get a picture of what information is needed to add access rules to a model, use the web client and go to Settings | Technical | Security | Access Rights:

Here, we can see the ACL for some models. It indicates, per security group, what actions are allowed on records. This information has to be provided by the module using a data file to load the lines into the ir.model.access model. We will add full access to the employee group on the model. The internal user is the basic access group nearly everyone belongs to.

Changed in Odoo 12
The User form now has a user type section, only visible when the Developer Mode is enabled. It allows us to select between the mutually exclusive options Internal user, portal (external users, such as customers), and public (website-anonymous visitors). This was changed to avoid misconfigurations where internal users are also included in portal or public groups, effectively reducing their access privileges.

This is done using a CSV file named security/ir.model.access.csv. Let's add it with the following content:

id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_book_user,BookUser,model_library_book,library_group_user,1,0,0,0
access_book_manager,BookManager,model_library_book,library_group_manager,1,1,1,1

The filename must correspond to the model to load the data into, and the first line of the file has the column names. These are the columns provided in our CSV file:

  • id is the record's external identifier (also known as XML ID). It should be unique in our module.
  • name is a description title. It is only informative and it's best if it's kept unique.
  • model_id is the external identifier for the model we are giving access to. Models have XML IDs automatically generated by the ORM; for library.book, the identifier is model_library_book.
  • group_id identifies the security group to give permissions to. We grant access to the security groups created before: library_group_user and library_group_manager.
  • The perm_... fields flag the access to grant read, write, create, or unlink (delete) access. We gave regular users read access and managers full access.
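The column rules above can be checked before the module is installed. The following is an added example, not code from the book or from Odoo: a small standalone audit that flags duplicate or missing identifiers, flags that are not 0 or 1, and access lines with an empty group_id, which in Odoo are not restricted to any security group and so apply to all users. The function name, finding labels, and the two extra rows are assumptions made for illustration.

```python
import csv
import io

COLUMNS = ["id", "name", "model_id:id", "group_id:id",
           "perm_read", "perm_write", "perm_create", "perm_unlink"]

# File content as given on the page.
PAGE_CSV = (
    "id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink\n"
    "access_book_user,BookUser,model_library_book,library_group_user,1,0,0,0\n"
    "access_book_manager,BookManager,model_library_book,library_group_manager,1,1,1,1\n"
)
# Constructed rows (not from the page) that should each be flagged.
BAD_ROWS = (
    "access_book_user,BookDup,model_library_book,library_group_user,1,0,0,0\n"
    "access_book_all,BookAll,model_library_book,,1,yes,0,0\n"
)


def audit_acl_csv(text):
    """Return (line_number, finding) tuples for an ir.model.access.csv body."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != COLUMNS:
        return [(1, "unexpected-header")]
    findings, seen_ids = [], set()
    for row in reader:
        line = reader.line_num
        xml_id = (row["id"] or "").strip()
        if not xml_id or xml_id in seen_ids:
            findings.append((line, "missing-or-duplicate-id"))
        seen_ids.add(xml_id)
        if not (row["model_id:id"] or "").strip():
            findings.append((line, "missing-model"))
        # An access line without a group is not tied to any security group,
        # so it applies to all users; require that to be a deliberate choice.
        if not (row["group_id:id"] or "").strip():
            findings.append((line, "no-group"))
        for col in COLUMNS[4:]:
            if (row[col] or "").strip() not in ("0", "1"):
                findings.append((line, "bad-flag:" + col))
    return findings


if __name__ == "__main__":
    for line, finding in audit_acl_csv(PAGE_CSV + BAD_ROWS):
        print("line %d: %s" % (line, finding))
```

The file from the page produces no findings; only the constructed rows are reported.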

We must not forget to add the reference to this new file in the __manifest__.py descriptor's data attribute. It should look as shown in the following code:

'data': [
    'security/library_security.xml',
    'security/ir.model.access.csv',
    'views/library_menu.xml',
],

As before, upgrade the module for these additions to take effect. The warning message should be gone, and we can confirm that the permissions are OK by logging in with the admin user, since it was included in the Library Manager Group.
