security Vulnerability or duplication in OpenERP??

Masoom Alam masoom.alam at
Sat May 22 02:15:09 CEST 2010

Hi Every one,

I am having two problems, please idenfity, whether I am doing some thing
wrong, or this thing is not possible in OpenERP:

*Problem 1*

   1. Whenever, I give access rights on an object, or set of objects to a
   particular user, all the menus related to that object are automatically
   accessible by that user. For example, in the account_voucher, if a list of
   objects such as account.voucher, account.journal etc, etc.  which are
   required for a user, are given, all the menus under the voucher Entries are
   automatically assigned. This is the default behavior. right?
   2. Does this mean that there is no need to have
   "Administration--->Security----->Grant Access to Menus", some how granting
   access to menus is useless, since objects access is needed and when I give
   object access, menus access is automatically granted.
   3. Is there is some way, that i can grant access to a list of objects to
   two or three users, but restrict access to menus?
   4. Scenario: I want to give access to user1 to Bank Receipt Voucher while
   to user2, Cash Payment Voucher. Now menus are different, but objects are

*Problem 2*

   1. in the _columns{}, whenever a one2many() relation is chosen for a
   field, on search, the fields associated with the "many portion" are
   automatically shown. Can we restrict this view, i mean certain
   columns/fields from the "many part" can be hidden from particular users,
   while certain can be shown for search purpose only?

Thanking you in advance.
MM Alam
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the community mailing list