I am creating a module for odoo and I only want the salesman to see the customer that was assigned to him/her in the in contact, so I created a record rule with a domain filter [('user_id,'=' user.id)]:
<record model="ir.rule" id="partner_view_rule_salesperson">
<field name="name">Sales Person View Rule</field>
<field name="model_id" ref="base.model_res_partner"/>
<field name="groups" eval="[(4, ref('sales_team.group_sale_salesman'))]" />
<field name="domain_force">[('user_id', '=', user.id)]</field>
</record>
Now the problem is, the administrator groups seems to be affected by record rule. It throws an error when I create a new user:
The requested operation ("create” on “Contact” (res.partner)) was rejected because of the following rules: - Sales Person View Rule
Records: Sample code {id=18), User: Administrator (id=2)}
I was really confuse because I didn't add the administrator group in the record rule that I've just created. And if I remove the record rule, it returns to normal.
I hope anyone can help me with this. I have already search through the internet and still not able to find the solution for this.
You need tu undo this for the admin group or any other group:
<record model="ir.rule" id="partner_view_rule_salesmanager">
<field name="name">Sales manager View Rule</field>
<field name="model_id" ref="base.model_res_partner"/>
<field name="groups" eval="[(4, ref('sales_team.group_sale_manager'))]" />
<field name="domain_force">[(1, '=', 1)]</field>
</record>
group rules when are applied in the query they are applield ( RULE1 or RULE2 or RULE3 .....) for admin now he has two rules and one of them is always true this is why he can see all partners. And make sure to read about global rules (rule that don't have a security group) because the they are applied to every one and cannot be canceled by other rule.
GLOBALRULE and GLOBALRULE2 and GLOBALRULE3 .... AND (GROUPRULE1 or GROUPRULE2 or GROUPRULE3....)
If there is a global record that prevent from reading a record the query will not return it.