Odoo Tutorial | Manage Users & Access Control in Odoo 16

Efficient user management and robust access control are fundamental for businesses of all sizes seeking to maintain data security and operational efficiency. The Odoo platform provides powerful tools to streamline user administration and strengthen data security across your system. This comprehensive guide will walk you through the essential processes of setting up user accounts and configuring access control within Odoo 16, enabling you to effectively manage your system's security and organizational structure.

1. Managing User Accounts in Odoo

This section delves into the critical steps involved in creating and maintaining user accounts within Odoo 16. Understanding these procedures is key to ensuring that every individual has appropriate access to the system.

1.1 User Creation

Creating user accounts is the initial step to granting individuals secure access to your Odoo 16 system. This process allows users to personalize their settings, track their activities, and efficiently perform their assigned tasks while maintaining authenticated access.

• Log in to your Odoo 16 instance using an administrator account or an account with sufficient access rights.
• Navigate to the "Settings" module and then select the "Manage Users" option.
• Click the "Create" button to initiate the creation of a new user account.
• Input the user’s essential details, including their username and email address. Under the "Allowed companies" section, carefully select the specific entities or databases to which the user should have access. You can also specify other optional information, such as the user’s preferred language and time zone, within the "Preferences" tab.

Once all details are set and the page is saved, the newly created user will automatically receive an invitation email from the Odoo system. The user must accept this invitation to establish their login credentials and gain access.

1.2 Assigning User Types

In Odoo, users are thoughtfully categorized into distinct types, each reflecting different roles and corresponding access levels. This categorization is crucial for defining appropriate system interactions:

• Internal Users: These are typically employees who require comprehensive access to various modules and features within the Odoo system, supporting their daily operational tasks.
• Portal Users: Generally customers or suppliers, these users are granted limited access, primarily to relevant documents and functionalities accessible through the designated Odoo Portal.
• Public Users: These users have access only to publicly available features of your website, such as browsing product catalogs or submitting contact forms, without requiring specific login credentials for backend access.

By assigning the correct user type in Odoo 16, organizations can effectively ensure that individuals possess the precise level of access and functionality necessary for their specific roles and responsibilities, optimizing workflow and enhancing security.

1.3 Related Partner Field: Providing Seamless Portal Access

The "Related Partner" field is an invaluable feature that allows you to link a user account with a specific partner record, such as an existing customer or supplier. This strategic connection facilitates seamless integration and enhanced collaboration across various Odoo modules, ensuring efficient communication and direct access to associated records and information.

For instance, if you establish a new contact in Odoo’s contact application for a customer to whom you wish to grant access to your customer portal, the process is straightforward. Simply navigate to the Contact form, locate the "Action" menu, and select "Grant portal access."

In the subsequent pop-up window, click "Grant Access" and then "Close." Upon returning to "Settings" > "Companies & Users" > "Users," you will observe that a new Portal User has been automatically generated, and an email invitation for login creation has already been dispatched.

1.4 Assigning User Roles and Permissions

Odoo provides extensive capabilities for defining user access rights with exceptional precision. Within the "Access Rights" tab of the user form, administrators can conveniently select the exact role and specific access permissions for each installed application. This granular control ensures that users only have access to the functionalities and data relevant to their responsibilities, thereby enhancing overall system security and operational integrity.

1.5 Managing Passwords

Effective password management is a crucial aspect of user security. Odoo offers several convenient options for managing user passwords, allowing both users and administrators to handle password-related tasks efficiently.

Enabling Password Resets from Login Page

To empower your users to reset their passwords directly from the Odoo login page, follow these straightforward steps, enhancing user autonomy and reducing administrative burden:

• Navigate to "Settings" and choose the "Permissions" section.
• Activate the "Password Reset" option.
• Save the applied changes to implement this feature.

Sending Password Reset Instructions to Users

Administrators can easily send password reset instructions to individual users in Odoo. This is particularly useful when a user has forgotten their password or requires a forced reset. Follow these simple steps:

• Access "Settings" > "Users & Companies" > "Users."
• Locate the specific user from the list and open their corresponding user form.
• Within the user form, click on the "Send Password Reset Instructions" option.

An automated email containing comprehensive instructions on how to reset their password will be dispatched to the user. This email will also include a convenient link that redirects the user to an Odoo login page specifically designed for the password resetting process, ensuring a secure and guided experience.

Changing a User's Password as an Administrator

To directly change a user’s password in Odoo, an administrator can follow these steps, which can be useful for initial setup or immediate security adjustments:

• Go to "Settings" > "Users & Companies" > "Users."
• Select the user for whom you wish to modify the password to access their user form.
• Click on the "Action" button and then select "Change Password."
• Enter the desired new password and confirm the change by clicking "Change Password."

Please note: This direct password change only impacts the user’s local password within your Odoo system and does not affect any associated Odoo.com account. If a password change for an Odoo.com account is required, it is strongly recommended to utilize the "Send Password Reset Instructions" feature for security and consistency.

After clicking "Change Password," you will typically be redirected to an Odoo login page, where you can reaccess your database using the newly updated password, or the user can log in with their new credentials.

2. Managing Multi-company Access

The multi-company access feature in Odoo 16 is particularly beneficial for organizations that operate with multiple legal entities or branches but wish to manage them all from a single, centralized system. Within the "Access Rights" tab of user forms, the "Allowed Companies" field empowers administrators to precisely define which of the multiple company databases a particular user can access. This granular control allows for the selection of one or multiple companies, ensuring that users interact only with the data relevant to their assigned roles and preventing unauthorized access across different entities. This capability significantly enhances data segregation and organizational oversight within a unified Odoo environment.

3. Managing User Groups

User groups in Odoo 16 are instrumental in simplifying access control and permissions management. They offer a highly efficient method to categorize users based on their roles, departments, or specific functions, thereby providing streamlined control over access to various modules, features, and critical data within the system. By thoughtfully assigning users to appropriate groups, administrators can effortlessly manage permissions for multiple users concurrently, ensuring that each individual has the necessary level of access while simultaneously enhancing overall data security and integrity across your Odoo 16 system.

3.1 Configuring User Groups

To access and configure user groups within your Odoo 16 interface, you first need to activate the developer mode. Once developer mode is enabled, navigate to "Settings" > "Users & Companies" > "Groups."

This section provides a comprehensive overview of all existing user groups and their respective types. From here, you can either create new groups tailored to your organizational needs or meticulously configure existing ones. To modify an existing group, simply select it from the list and click to open its configuration details.

3.1.1 User Tab

Within each access group's configuration, the "Users" tab provides a clear and concise list of all individual users who are currently members of that specific group. This tab allows for quick verification and understanding of who is associated with particular access permissions.

3.1.2 Inherited Tab

The "Inherited" tab plays a vital role in simplifying complex user access management. When a user is added to an application access group with "inherited" settings in Odoo, it signifies that they are automatically granted membership in other related groups. For example, if a user holds access to the "Employees / Administrator" group, they will inherently also gain access to the "Fleet / Administrator" and "Employees / Officer: Manage all employees" groups. This intelligent mechanism significantly streamlines user management by ensuring that permissions and access rights logically cascade down through interconnected groups, thereby providing seamless and consistent access control across multiple functionalities and modules within Odoo.

3.1.3 Menus Tab

The "Menus" tab in Odoo group configuration is where administrators can precisely define which menus or specific models a user within that group can access. By carefully configuring this tab, you gain explicit control over the user’s interface, effectively determining which sections and features of the system are presented and available to them. This capability allows for the customization of each user’s experience, aligning their access with their operational responsibilities and enhancing focus by removing irrelevant functionalities.

3.1.4 Access Rights Rules Tab

Access Rights rules in Odoo establish the foundational level of control over user permissions. Each rule is specifically linked to a particular object or model within the Odoo system, providing a robust framework for defining interactions. By enabling the appropriate options within this tab, administrators can precisely determine the user’s access level for that specific object, encompassing various actions:

• Read: This permission allows the user to view the values and information of the object but restricts them from making any modifications.
• Write: Granting this permission allows the user to edit and update the existing values of the object.
• Create: Users with this permission are authorized to generate new values or records for the designated object.
• Delete: This powerful permission enables the user to remove or permanently delete values and records associated with the object.

These distinct options collectively offer significant flexibility in meticulously defining each user’s specific level of access and operational control over individual objects or models within the Odoo environment.

3.1.5 Records Rules Tab

Record Rules in Odoo introduce an advanced layer for defining highly granular editing and visibility settings, designed to either override or further refine the broader Access Rights configurations. These rules govern access to individual records within a specific model, dictating precisely which records can be accessed and by whom. When configuring a record rule, administrators can choose from the standard permissions—Read, Write, Create, and Delete—to specify the exact actions users are allowed to perform on values associated with that particular rule. This mechanism provides unparalleled control over user interactions with specific data instances within the system.

To illustrate this concept more effectively, consider the following example:

Within the user group designated as "Sales / Own documents," you will observe a carefully curated set of Records Rules. The "Personal" rules, for instance, are specifically configured to restrict members of this group to accessing only their own sales orders and any sales orders that have not yet been assigned to a specific user. Importantly, despite these restrictions, users in this group typically retain complete access to all records of other, unrelated models. This demonstrates how record rules can enforce data ownership and segregation while maintaining broader system access where appropriate.

In stark contrast, a user group such as "all documents" is typically granted unfettered access to all records. This is achieved by utilizing the domain [(1,'=',1)], a condition that is always true, effectively providing universal access to all relevant data. This approach is often used for administrative roles or groups that require a broad overview of all records.

Consequently, an administrator group, such as "Sales > Administrator," typically does not require the configuration of additional, specific access privileges. This is because such a group inherently inherits full access permissions from broader groups like "All Documents," ensuring comprehensive oversight and control without redundant rule definitions.

Implementing effective user access rights and managing them properly in Odoo is crucial for maintaining a secure and smoothly functioning system. Accurate configuration is essential to prevent unauthorized data access, ensure data integrity, and optimize operational workflows. Organizations should prioritize a well-planned approach to user management to safeguard their system and support efficient business processes. Careful attention to these details helps in mitigating risks and maximizing the benefits of the Odoo platform.