Skip to Content

Generic Security Restriction

10.40 13.00

Technical Name
generic_security_restriction
Subscribe to download Add to collection

The module for provides a powerful and flexible way to control user visibility across menus, fields, actions, and buttons. Whether you need to hide specific menus, restrict access to certain actions or field elements, or tailor visibility per user or group, this module equips your instance with granular access control beyond default behavior.

  • Hide menus and submenus from selected security groups or individual users

  • Restrict window actions, contextual server actions, and report/print form access

  • Hide or make fields readonly based on security group using the Fields Security tab

  • Remove stat buttons (e.g., oe_stat_button) from views for specific groups

  • Override Many2one field parameters (no_open, no_create, no_quick_create, no_create_edit) directly via user interface

  • Apply domain-based restrictions to any model for designated users or groups for fine-tuned data access

  • Empowers administrators with fine-grained control over UI elements and workflows

  • Enhances interface clarity by hiding irrelevant menus and actions per role

  • Strengthens data security through tailored field visibility and read-only settings

  • Minimizes errors by preventing unauthorized interactions with critical fields or actions

  • Streamlines access management without modifying core code or views

Generic Security Restriction allows you to hide user menus or give access to specific ones, window actions, specific fields or stat buttons on the view. It also allows you to overwrite the parameters of Many2one fields as if they were rewritten in the field definition of the model.

This module has simple and fast configuration, and it is very easy to use!

You can do the following:

  • Hide menus by security groups
  • Give access to the specific menus only
  • Hide menu actions
  • Restrict menus and any report / priniting form from specific users
  • Hide specific fields of the selected model from certain security groups
  • Make fields readonly for certain security groups
  • Hide stat buttons (oe_stat_button) on the view from certain security groups
  • Apply restrictions via domain to any model for specific user

Change fields paramaters on Many2one fields:

  • Rewrite field parameter: ('no_open'=True)
  • Rewrite field parameter: ('no_create'=True)
  • Rewrite field parameter: ('no_quick_create'=True)
  • Rewrite field parameter: ('no_create_edit'=True)
Note:

You can not grant access to the restricted menu items using access rights. Restrict menus for the Employee security group with caution.

User with superadmin rights gets full access regardless of restriction. This is done to avoid accidental permanent restrictions.

Hide menu by security groups

groups


Hide menu from a specific user (Menu Items settings)

menu_user


Restrict menu from a specific user (User settings)

user


Restrict report from a specific user (User settings)

user


Restrict menu from a specific groups

user


Give access to the specific menus only

Note

The user menu settings has high priority than group ones. When menus specified in user settings, only they will be visible, even if others setted up in group of user.

user


Restrict action from a specific groups

user


Restrict contextual server action from a specific user

user


Hide specific fields of the selected model from certain security groups

For this, you need to activate the Developer Mode. Then, click Database Structure -> Models and select the desired model. On the Fields Security tab, specify the fields to hide or make readonly, and user security groups to hide from.

hide fields


Make a field readonly

make a field readonly


Hide stat buttons on the view

hide stat button



You can overwrite the parameters of Many2one fields from the user interface. When you select Many2one field, you will see additional options. To use these options, select the Rewrite Options checkbox.

rewrite options


Rewrite field parameter: ('no_open'=True)

This parameter makes the following changes:

  • In the Read mode, fields that are usually rendered and displayed as a link will be displayed as a normal readonly text
  • In the Edit mode, the button to open the record will be hidden
no open


Rewrite field parameter: ('no_create'=True)

This parameter forbids the creation of new records.

no create


Rewrite field parameter: ('no_quick_create'=True)

This parameter forbids the quick create of new records. Users can still create them using Create and edit... option.

no quick create


Rewrite field parameter: ('no_create_edit'=True)

This parameter forbids the creation of new records using Create and edit... option. Users can still create records with quick create.

no create edit


Apply restrictions to model via 'code' domain type

You can specify the model and set record rules by which grant access to:

  • Read
  • Create
  • Write
  • Unlink
if they are not restricted by rules.

The following example hides projects for a project user group, except for those where the current user is the project manager.

restrict project


Apply restrictions to model via 'simply' domain type

The following example hides folded Tasks for the specific user Mitchel Admin.

restrict task