So, I'm in this situation on Odoo v13:
I have a bunch of portal user, and on some condition I want to add them to an internal group (this group is result of my code, not others). But on adding process, Odoo return an error of: User can have only one user type. And I know that's caused by I want to add a portal user to an internal group.
My question is: How can I change an internal group to a portal group with the same access rights and record rules?
you just add all access rights and record rules to group base.group_portal, that's how it works!
Related
Is it possible to add users to different groups based on the url they are coming from. All users to be added under the same Azure B2C directory but under different group during registration.
Example:
www.admin.com - User should go to "Admin" group.
www.user.com - User should go to "Users" group.
Thanks :)
You could use azure ad dynamic user group to do that, when you create a dynamic group with rules, the system evaluates all rules in a directory to see if the change would trigger any group adds or removes. If a user satisfies a rule on a group, they are added as a member of that group.
Reference - Dynamic membership rules for groups in Azure Active Directory
In your case, create the dynamic user group Admin, to add the users to the Admin group, you just need to add the rule like (user.userPrincipalName -match ".*admin.com*."), another one is the same logic.
After the system updated the group completely, it will appear like below.
I created a user testaccount1 in the active directory, and then created a new user profile in the CRM 2016 and added the account to a security group
I was able to create records that I have given access for that account
I repeated the same steps and created a testaccount2 in active directory, created a user profile in CRM and added to the same security group as testaccoutn1
But when I try to create record using the testaccount2 I get the below error
Insufficient Permissions You do not have permission to access these
records. Contact your Microsoft Dynamics CRM administrator.
There is only one security role that is assigned to both these accounts, where should I look for to fix this?
Hit Download log file
the error message will give you the specific permission that is missing
(it will look something like "**prvContactCreate" if you are lacking create on the contact record at the level of scope/depth required). Once you post the error message here, we will be able to give more detailed responses. Question - When creating the record with the second account - are you by chance setting the owner as someone other than yourself? If so, what is the depth of the privilege for the security role on the given user?
Hello I'd like restrict all users to just access the Work Center with ID = 1
I added a record rule for mrp.workcenter and added the domain filter [('id','=',1)]. But still I can see all the work centers...
Any ideas?
Given domain is correct and work fine.
You can see all the records from admin login. But if you can login from other user, suppose Manufacturing Manager than they can see only one record(I mean id=1).
By default, there are no any rules are apply to admin user. Please check it from other user.
define access rules in security/ir.model.access.csv there you can set rights for create, edit, view and delete for specific groups
I have three custom entities; Project, ProjectStageExternal and ProjectStageInternal,I have added a workflow which will create ProjectStageInternal and ProjectStageExternal records when admin creates a Project record.
Now I have a security roll named customer. Users having this roll only read the Project and ProjectStageExternal records.
The problem is workflow is not working when ownership is changed to users having customer security roll. Its showing this following error: The selected user does not have sufficient privileges to be assigned records of this type.
what am I missing here?
Thanks.
That security role has basically no permissions on those entities, so the users wont be able to do anything with them.
If you want someone to be able to assign (or have a workflow assign on their behalf) you need to grant the assign permission and probably write as well.
If you dont want to grant them those permissions, change the workflow's Scope to organisation and assign it to an admin user. That means the workflow will run with the admins permissions and security roles.
Only providing Read Privileges to the user/team whom the record is to be assigned will work perfectly fine !!
I am editing user security and am trying to give a user access to an e.List item. I select the user using the [...] button and successfully find that user by searching in our AD domain.
After I select the user and press OK, that user does not come into the CAC, just this error The filter will only accept groups and roles. Users will not be added to the filter. I don't see any filters here at all.
Have you seen this before and is it possible to set up security by users?
Thank you,
WE
Answer from ericlfg on http://www.cognoise.com/community/index.php/board,15.0.html:
Hi William,
The message you are receiving is by design. In order to add a specific user, rather than a group or role, that use needs to be a member of some kind of hierarchy in your security provider.
Ex: If you're using cognos groups and roles with a Role called "Test". You would populate this test role with members from your namespace. In the CAC, you would then select the Test group when you click on the elipsis and then that will allow you to select your individual user (or alternatively the Test role).
The same would be true if you're trying to add members directly from your 3rd party authentication provider. The individual users need to be part of a roll-up role or group in order to add that roll-up role or group to the filter. Once added to the filter you can select the individual users.
Hope this helps.