User Roles Setup & User Manual

Overview

Odoo 17 Module – Roles · Groups · Menus · Access Rights · Record Rules

Odoo security is structured in layers:

1. Roles
   • Represent business functions.
   • A user can hold multiple roles to reflect combinations of responsibility.
   • Example:
     • Sales Manager = Sales + Manager
     • Marketing Manager = Marketing + Manager
     • Sales & Marketing Staff = Sales + Marketing
2. Groups
   • Each role corresponds to one or more groups.
   • Users inherit all groups from their roles.
   • Groups define menu visibility, module access, and permissions.
3. Menus
4. • Determine what modules and menu items users can see.
5. Access Rights
   • Attached to groups.
   • Define what actions can be performed on entire models (CRUD).
6. Record Rules
   • Add the final layer of control.
   • Restrict which records inside a model the user can access.

Security chain:

Roles → Groups → Menus → Access Rights → Record Rules

Installation Guide

1️⃣ Download the Module

Download the User Roles module file (zip file)

​

2️⃣ Upload to Your Odoo Server

Ask your system administrator (or do it yourself if you manage the server) to upload and extract the User Roles folder into the Odoo addons folder.

3️⃣ Update the Apps List

• Log in to your Odoo account with admin access.
• Go to the Apps menu.
• Click Update Apps List (Developer Mode).
• Confirm.

4️⃣ Activate User Roles

• In the Apps screen, type User Roles in the search bar.
• When the User Roles app appears, click Activate.
• Wait for the installation to complete.

With the User Roles feature, you can standardize permissions, simplify user setup, and ensure consistent access control across your organization.

Accessing & Permissions

• Roles → Settings → Users & Companies → Roles
  
  
  
  
• Groups → Settings → Users & Companies → Groups
  
  
  
  
• Menu Items → Settings → Technical → User Interface → Menu Items (Developer Mode)
  
  
  
  
• Access Rights → Settings → Technical → Security → Access Rights (Developer Mode)
  
• Record Rules → Settings → Technical → Security → Record Rules (Developer Mode)
  

Steps (Manual Process)

A. Assign Roles to a User

1. Go to Settings → Users & Companies → Users.
2. Open the user profile.
3. In the Roles field, select one or more roles:
   • Example:
     • For a Sales Manager, assign Sales + Manager.
     • For a Marketing Manager, assign Marketing + Manager.
     • For a Sales & Marketing Staff, assign Sales + Marketing.
       
       
       
       
4. Save.

B. Copy User Access

• Open a user → Action → Duplicate.
• Adjust roles as needed.
  
  

C. Archive a User

• Open user → Action → Archive.
• Archived users retain history but cannot log in.
  
  

D. Manage Roles

• There are two options to manage roles:
• • Manual Setup
  • • Go to Settings → Users & Companies → Roles.
    • Create or edit a role.
    • Assign related groups.
    • Save.
      
      
      
      
  • Copy Access Rights From User (Optional)
  • • Go to Settings → Users & Companies → Roles.
    • Click New.
    • Click the “Copy Access Rights From User” button.
      
      
      
      
    • Select an existing user → Copy Access Rights.
      
      
      
      
    • Groups and access rights from that user are applied to the role and adjust if needed.

E. Manage Groups

• Go to Settings → Users & Companies → Groups.
• Create/Edit groups as needed.
  
  

F. Manage Menus

• There are two ways:
• • From a Group → Open a group → Menus tab → assign menus directly to that group.
    
    
    
    
  • ​Settings → Technical → User Interface → Menu Items (Developer Mode) → edit menu and link it to one or more groups.
    
    

G. Manage Access Rights

• There are two ways:
• • From a Group → Open a group → Access Rights tab → tick CRUD (Read, Write, Create, Delete).
    
    
    
    
  • ​Settings → Technical → Security → Access Rights (Developer Mode) → create or edit access rights directly.
    
    

H. Manage Record Rules

• There are two ways:
• • From a Group → Open a group → Record Rules tab → create/edit rules linked to that group and tick CRUD (Read, Write, Create, Delete).
    
    
    
    
  • ​Settings → Technical → Security → Record Rules (Developer Mode) → Create rules → select model, domain, group, and tick CRUD (Read, Write, Create, Delete).
    
    

Tips and Best Practices

• Roles are modular: combine them instead of creating many unique “manager” roles.
• Keep a Role → Group mapping matrix for clarity.
• Test with dummy users who have multiple roles.
• Archive users instead of deleting.
• Use record rules mainly for ownership and department-level restrictions.

Quick Workflow

Roles → Groups → Menus → Access Rights → Record Rules

• • Assign Roles (can be multiple) → defines business function.
  • Roles map to Groups.
  • Groups set Menus and Access Rights.
  • Record Rules restrict which records are visible.

Frequently Asked Questions

Q: Can a user have multiple roles?

A: Yes. For example:

• ​Sales Manager = Sales + Manager
• ​Marketing Manager = Marketing + Manager

Q: Do roles replace groups?

A: No. Roles are business-level labels; groups are the actual Odoo security mechanism.

Q: What’s the difference between Access Rights and Record Rules?

A: 

• ​Access Rights = what actions can be performed.
• ​Record Rules = which records can be accessed.

Q: How do I temporarily disable a user?

A: Archive them in Settings → Users & Companies → Users.