28 lines
1.3 KiB
ReStructuredText
28 lines
1.3 KiB
ReStructuredText
.. image:: https://itpp.dev/images/infinity-readme.png
|
|
:alt: Tested and maintained by IT Projects Labs
|
|
:target: https://itpp.dev
|
|
|
|
Restricted administration rights
|
|
================================
|
|
|
|
The module makes impossible for administrator to set (and see) more access rights (groups) than he already has.
|
|
The only partial exception of this rule is made if you are already a member of the *Allow add implied groups from settings* security group.
|
|
Then you are allowed to escalate your privileges but just from ``Settings`` menus (by means of ``group_XXX`` boolean fields of ``res.config.settings`` models views).
|
|
|
|
This doesn't affect superuser, of course.
|
|
|
|
Typical usage of the module
|
|
===========================
|
|
|
|
The superuser creates an administrator user without access group "Show Apps Menu" (see **access_apps** module). Then the administrator has access to settings, but not able to install new apps (without this module he can add himself to "Show Apps Menu" and get access to apps).
|
|
|
|
Roadmap
|
|
=======
|
|
|
|
* Settings menu shows group fields are not updated without *Allow add implied groups from settings* (ok), but it shows the fields as not editable (not ok)
|
|
|
|
Further information
|
|
===================
|
|
|
|
Tested on `Odoo 17.0 <https://github.com/odoo/odoo/commit/40b19d89846303016098840f4958fe7cc105067c>`_
|