Odoo Server (MOVED TO GITHUB)

Default multi-company security rules

Asked by Leonardo Pistone

I see that in a multicompany setting we can find default security rules for many objects. They are set as

['|','|',('company_id','=',False),('company_id','child_of',[user.company_id.id]),('company_id.child_ids','child_of',[user.company_id.id])]

I vaguely get that somewhat you should see your own company's stuff, but I'm missing something. What is the meaning of that rule in plain english?

Thanks a lot

Question information

Language:
English Edit question
Status:
Solved
For:
Odoo Server (MOVED TO GITHUB) Edit question
Assignee:
No assignee Edit question
Solved by:
Husen Daudi
Solved:
Last query:
Last reply:
Revision history for this message
Best Husen Daudi (husendaudi) said : 		#1

['|','|',('company_id','=',False),('company_id','child_of',[user.company_id.id]),('company_id.child_ids','child_of',[user.company_id.id])]

the fst 2 pipe signs means or condition on all domains.

('company_id','=',False), : if no company id defined on any records then it will be visible to all users.

('company_id','child_of',[user.company_id.id]) : if defined company id is child company of user's company then that record will be visible to that user.

('company_id.child_ids','child_of',[user.company_id.id]) : if child companies of defined company is child company of user's company then it will be visible to user.

these condition will be arise in following scenario.

user1: company1
   - data1
   - user2:company2
       -data2
       - user3:company3
            - data3

Revision history for this message
Leonardo Pistone (lepistone) said : 		#2

Thanks Husen Daudi, that solved my question.