Skip to Content
This question has been flagged
rulesissuecommercialodoo1818.0Odoo18.0
2 Replies
1448 Views
Avatar
cv

Hi everyone,

I’m setting up my first ERP with Odoo and I’ve run into a problem with salespeople access rights. What I want is that each salesperson can only see their own customers (the ones assigned to them).

I created a record rule in

Settings > Technical > Security > Record Rules with the following setup:

  • Model: Contacts (res.partner)

  • Domain:

    ['|', ('user_id', '=', user.id), ('user_id', '=', False)]

  • Groups: Sales / Salespeople

So far this seems to work, because salespeople only see their own customers.

The problem comes after that:

  • When a salesperson tries to log in, Odoo shows:

    403: Forbidden
You are not authorized to access this page.

  • If the user logs in without being a salesperson and later the group is assigned, when they open a customer, create a quotation, etc., Odoo shows:

    Access Error
does not have 'read' access to:
- Contact (res.partner)

It looks like the record rule is blocking something that Odoo needs internally, but I’m not sure what I’m missing or how this should be configured properly.

Could someone point me in the right direction on how to restrict customers per salesperson without breaking system access?

Thanks in advance! 🙏

Avatar
Discard
Avatar
Cybrosys Techno Solutions Pvt.Ltd
Best Answer
Hi,

The problem occurs because the record rule is applied to the res.partner model, which in Odoo represents much more than just customers. It also includes internal users, companies, system partners, and technical records that Odoo needs to read during login and normal operations. By restricting access to partners based only on the salesperson (user_id), the rule unintentionally blocks access to these essential records, which causes login failures (403 Forbidden) and access errors when opening customers or creating sales documents.

The key concept to understand is that you should never globally restrict all partners for salespeople. Instead, you should restrict only customer records. In Odoo, customers are identified by customer_rank > 0, while internal or system partners have customer_rank = 0. Your original rule did not make this distinction, so it blocked records that Odoo requires internally.

Rule:-

[
  '|',
    ('customer_rank', '=', 0),
    ('user_id', '=', user.id)
]

Model: res.partner
Groups: Sales / Salespeople

The correct solution is to adjust the record rule so that all non-customer partners are always accessible, and only customer partners are restricted to the assigned salesperson. This allows Odoo to function normally while still enforcing the business requirement that salespeople only see their own customers. Sales managers should typically be excluded from this restriction so they can see all customers.

Once this corrected approach is used, salespeople will be able to log in, open customers, and create quotations without errors, while customer visibility remains properly limited. This pattern follows Odoo best practices and avoids breaking core system behavior.

Hope it helps

Avatar
Discard
Related Posts Replies Views Activity
EDI Proxy - replace installation Solved
odoo18 18.0 Odoo18.0 Odoo18 CommunityEdition
Avatar
Avatar
Avatar
3
Feb 26
3423
Odoo Client Error: "sale.order.is_abandoned_cart field is undefined"
sales.order odoo18 Odoo18.0
Avatar
Avatar
1
Oct 24
4354
Install in local but not install in server, why is that?
installation server issue odoo18
Avatar
Avatar
1
Oct 25
1600
Error: Invalid object: unknown key 'template', 'component' is missing
owl Javascript odoo18 18.0
Avatar
1
Nov 24
5211
Qweb Report Header Repeating to next page issue
qweb header issue repeating odoo18
Avatar
1
Dec 25
1358