Question
I’m implementing Odoo for a multi-company setup, but users can still access records from other companies even when restricted. How can I fix this?
Problem
Despite setting access rights correctly, users from Company A can view data from Company B, violating company-based record rules.
Solution
- Ensure Record Rules are correctly set up in
ir.rule. - Activate Multi-Company Mode under
Settings > Users & Companies Multi-Companies. - Assign Company-Specific Access Rights in
res.users. - If using custom modules, enforce domain filtering in methods handling record fetching.
Example Fix
python
class CustomModel(models.Model):
_inherit = "some.model"
def _default_company(self):
return self.env.user.company_id
company_id = fields.Many2one('res.company', default=_default_company)
@api.model
def create(self, vals):
if 'company_id' not in vals:
vals['company_id'] = self.env.user.company_id.id
return super(CustomModel, self).create(vals)
Build secure, scalable, and feature-rich platforms tailored to your business needs. From custom module development to multi-company management, get end-to-end solutions for your Odoo implementation project. Let’s streamline your business operations and drive efficiency with Odoo Implementation Services.
Top comments (0)