The ir.model.access.csv file is an important part of the Odoo module which is used to set access rights (access control) to the data model. This file determines who can read, write, create, or delete data on a particular model. Because it regulates access to sensitive data, this file needs to be managed carefully to prevent security gaps in Odoo applications.
What is ir.model.access.csv?
The ir.model.access.csv is a CSV based configuration file used to define access rules for models in Odoo. The basic structure of this file is as follows:
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_product_manager,access_product_manager,model_product_template,base.group_product_manager,1,1,1,0Column Explanation:
1. id: Unique identifier for the access rule ( usually in the form of a name descriptive).
2. name: Descriptive name for the rule access.
3. model_id:id: The technical name of the model set.
4. group_id:id: Access rights only apply to the specified user group (if empty, apply to all users ).
5. perm_read: Rights to read data (1 for allowed, 0 for not allowed).
6. perm_write: Rights to change data.
7. perm_create: The right to create new data.
8. perm_unlink: The right to delete data.
How to Activate Security
The location of this file is free to be anywhere, but usually it is located in the data folder and the file must be imported in __manifest__.py in your example module folder on files __manifest__.py:
{
#....
'data': [
'security/ir.model.access.csv'
],
#...
}
