Odoo Tutorial: Manage Users and Access Control in Odoo 16

1. Managing User Accounts in Odoo

In this section, we will cover the essential steps of creating and managing user accounts in Odoo 16. Let’s dive in:

1.1 User Creation

Creating user accounts allows individuals to securely access your Odoo 16 system, personalize settings, and track their activities. It provides authenticated access and enables users to perform their tasks efficiently.

• Log in to your Odoo 16 instance as an administrator or user with sufficient access rights.
• Navigate to the “Settings” module and click on the “Manage Users” option.
• Click on the “Create” button to start creating a new user.
• Enter the user’s details, including username and email address. Under “Allowed companies” select which entities you want to give your user access to. You can also specify other optional information like the user’s language and time zone under the “Preferences” tab​.

After everything is set and the page is saved, the new User will receive an automatic invitation email from Odoo which he then must accept to create a login.

1.2 Assigning User types

In Odoo, users are categorized into different types based on their roles and access levels:

• Internal Users: typically employees with access to various modules and features.
• Portal Users: Customers or suppliers with limited access to relevant documents via the Portal
• Public Users: Website access only, to publicly available features, such as browsing product catalogs or submitting contact forms

By assigning the appropriate user type in Odoo 16, you can ensure that individuals have the right level of access and functionality tailored to their specific roles and needs.

1.3 Related Partner Field: Provide Easy Portal Access for Customers & Suppliers 

With the “Related Partner” field you can associate a user with a specific partner record, such as a customer or supplier. This connection enables seamless integration and collaboration across different modules in Odoo, ensuring efficient communication and access to associated records.

For example, If you create a new contact in Odoo’s contact app for a new customer to who you want to give access to your customer portal, you can do so by simple click on the Contact form, under “Action” > “Grant portal access”

In the pop-up window that opens click “Grant Access” and “Close”. Now go back to “Settings” > “Companies & Users” > “Users“. Here you will see now that a new Portal User was automatically created and an email invitation for login creation was already sent.

1.4 Assigning User Roles and Permissions

Odoo allows you to define user access rights with laser precision. In the “Access Rights” tab of the user form, you can conveniently select the exact role and access permission for each of your installed applications.

1.3 Managing Passwords

Easily Enable Password Resets from Login Page – To allow your users password resets directly from the login page, follow these steps:

• Navigate to “Settings” and select “Permissions“.
• Activate the “Password Reset” option.
• Save the changes.

To send password reset instructions to users in Odoo, follow these simple steps:

• Access “Settings” > “Users & Companies” > “Users“
• Locate the right user from the list and open their user form.
• Within the user form, click on the “Send Password Reset Instructions” option.

An automatic email will be dispatched to the user, containing comprehensive instructions on how to reset their password.  The email will also include a convenient link that redirects the user to an Odoo login page specifically designed for password resetting.

To change a user’s password in Odoo, follow these simple steps:

• Go to “Settings” > “Users & Companies” > “Users“
• Choose the user for whom you wish to modify the password to access their user form.
• Click on the “Action” button and select “Change Password“
• Enter the desired new password and confirm the change by clicking on “Change Password“

Please note:  this change only affects the user’s local password within your  Odoo system and does not impact their odoo.com account. If you need to change the password for their odoo.com account, it is recommended to send the password reset instructions.

After clicking on “Change Password“, you will be redirected to an Odoo login page where you can reaccess your database using the newly updated password.

2. Managing Multi-company Access

This feature is especially useful if your organization consists of multiple entities that should all be managed from one central system. Under the “Access Right” tab of your user forms, you have the “Allowed Companies” field which allows you to define which of the multiple company databases a user can access. You can select one, or multiple.

3. Managing User Groups 

User groups in Odoo 16 simplify access control and permissions management. They allow you to group users based on their roles or departments, providing efficient control over access to modules, features, and data. By assigning users to groups, you can easily manage permissions for multiple users at once, ensuring appropriate access and enhancing data security within your Odoo 16 system.

3.1 Configuring User Groups

To be able to access User groups in your Odoo 16 user face, activate the developer mode, then go to “Settings” > “Users & Companies” > “Groups“

Here you can see an overview of all your different groups and group types, create new ones or configure existing ones. To do the latter, select a specific group and click on it.

3.1.1 User Tab

Each Access Group can be precisely configured through a multitude of Tabs and allows you to define exact rules to models within each of your Odoo apps. For starters, under “Users” you can see a list of all your Users currently in this group.

3.1.2 Inherited Tab

When a user is added to an application access group with “inherited” settings in Odoo, it means they are automatically added to other related groups as well. For instance, if a user has access to the “Employees / Administrator” group, they will also have access to the “Fleet / Administrator” and “Employees / Officer: Manage all employees” groups. This simplifies user management by ensuring that permissions and access rights cascade down through related groups, providing seamless access control across multiple functionalities.

3.1.3 Menus Tab

The Menus tab in Odoo allows you to specify the menus or models that a user can access. By configuring this tab, you control which sections and features of the system are available to the user. It serves as a way to customize the user’s interface and determine their level of access to different functionalities within Odoo.

3.1.4. Access Rights Rules Tab

Access Rights rules in Odoo serve as the first level of rights for controlling user permissions. Each rule corresponds to a specific object or model within the system. By enabling the appropriate options, you can determine the user’s access level for that particular object:

• Read: Allows the user to view the values of the object but not modify them.
• Write: Grants the user permission to edit the values of the object.
• Create: Permits the user to create new values or records for that object.
• Delete: Enables the user to remove or delete values associated with the object.

These options provide flexibility in defining the user’s level of access and control over individual objects or models within Odoo.

3.1.5. Records Rules Tab

Record Rules in Odoo serve as an additional layer for defining editing and visibility rules, to overwrite or refine the Access Rights settings. They control access to records within a model and which records can be accessed by which users. When configuring a record rule, you can choose from options like Read, Write, Create, and Delete to specify the permissions for values associated with that rule. This provides a more granular control over user access and actions on specific records within the system.

To understand this better, let’s look at a example:

In the User Group “Sales / Own documents” you can see a variety of Records Rules set. The “Personal” rules restrict this group to accessing only their own sales orders and any unassigned orders. Additionally, they enjoy complete access to all records of other models.

In contrast, the “all documents” group is granted access to all records using the domain [(1,’=’,1)] which is always true. 

As a result, the “Sales > Administrator” group doesn’t require additional access privileges since it inherits full access from the “All Documents” group.