I am a beginner in Odoo and I would like to create accounts for Managers and Simple Users respecting these conditions:
Manager A (of the Team 1) can see his own records as well as the records of the Users X1 and X2.
Manager B (of the Team 2) can see his own records as well as the records of the Users Y1 and Y2.
Manager A cannot see the records of Team 2.
Manager B cannot see the records of Team 1.
I created Team 1 and Team 2 as Groups using Settings --> Users and Companies --> Groups and I affected the users and the managers to their respective groups but nothing happened. When I created a new event, it was still visible for all the others.
Do I need to add a special record rule or something?
I am using the Events module of Odoo 12.
Generally, groups are defined to have different permissions(read,write,delete,edit) on model level (not on records level). For e.g, User,Manager,Director,Admin,etc. In your case, teams have same permission on event model but you only want subset of records to be visible to respective teams. (I am curious if there is a term for such permission) So, you have to use record rule.
First, add new field team_id in user.
Then, add record rule to make event only visible to respective teams. [('create_uid.team_id', '=', user.team_id.id)]
Related
New to LDAP. The way our LDAP is arranged is People and groups. The people have user information such as name, uid, and mail. The groups have group name and multiple member field which has value like cn=First Last,cn=people,dc=comic,dc=com, listing the People that are members of the group.
Currently starting with userid and password, doing two searches:
1) Get user by searching on People base domain on uid=value. Then from the user get the first and last name.
2) Search on Groups base domain based on member=cn=First Last,cn=People,dc=comic,dc=com and iterate over the list of group objects returned to the group name field.
Am just wondering is there way to do all this in one search or are two searches necessary?
Unfortunately you cannot do what would like in one operation.
Also, what you are doing will not always work. Instead of retrieving the users first and last name you should retrieve their distinguished name (dn attribute) and do your group search based on that. First and last names can be modified within LDAP and can happen due to marriage / divorce / etc.
It is possible, provided that you implement a Reverse Group Membership Maintenance Overlay.
To determine which groups an entry is a member of without performing extra searches, the memberOf overlay is exactly what you need.
The memberof overlay updates an attribute (by default memberOf)
whenever changes occur to the membership attribute (by default member)
of entries of the objectclass (by default groupOfNames) configured to
trigger updates. Thus, it provides maintenance of the list of groups
an entry is a member of, when usual maintenance of groups is done by
modifying the members on the group entry.
You may find this Server Fault post useful for a how to.
Once you have memberOf attribute ready to be used, you may have to run ldapmodify manually on each group entries, but just once, so that all members entries can be provisioned with the corresponding group dn in their respective memberOf attribute.
Finally, to perform a group membership search for a given user, you would just search for the user entry and iterate the memberOf attribute to get group dn's.
I'm trying to configure my teamspeak server and I don't know how to do some things, so I'm asking help to configure it... here is what i wanted to do:
I have some categories like 'Minecraft' or 'Planetside 2' or 'Devlopment' and each categorie contain some channel and sub channel. which lead to something like that:
Then about users :
First, there's me: the admin.
Then I want to be able to put some people in a 'Moderator' group
Me and moderators can define some people as 'Categorie leader'. for example, I can put people A to be a 'Minecraft Category leader'
A Categorie leader can define who is in his categorie (of course moderator and admin can also), for instance: My Minecraft categorie leader A can put people B to be a Minecraft Player. But a Minecraft Categorie leader can't put People C as a 'Planetside 2 player'.
This configuration is show on this picture:
Then about the channel !
I will take the example of the Planetside 2 Categorie :
I will have 2 channels in the categorie : the first one will allow only Planetside 2 player, Planetside 2 leader and admin to access it. the second one will allow everybody to access.
How can I do that ?
For the moment I didn't try anything, as I don't want to do some mistake that would make it hard ton configure. But I was thinking about channel group, and allow a channel group to access a particular channel. I found some topics on google which make me think it's not that hard.
But then, i don't find anything which can help me to do the part where I want my Categorie leader putting channel groupe only for his categorie.
Any idea ?
Thanks for your help.
For your first question, unfortunately, this is not possible.
TeamSpeak permission is based on a numeric system, instead of a tree hierarchy system.
In other words, if my value is greater than yours, I have power over you.
So back to your case, the most you can do is a four-level rank, with Admin -> Moderator -> Leader -> Members.
In other words, if your leader made their own member groups, all other leaders can access it (since they got higher power than the member group), which is not something you'd want, but that's the sad reality of it.
Now, to your second question on channel groups, this is doable, just follow the instructions:
set all channel's needed_join_power with a value greater than 0, also make sure that you set the needed_join_power of the channel you want to exclusively for leaders is higher than that value.
set admin and moderator's join_power higher or equals to the value you set for step 1.
set the SERVER GROUP of the default Member group's join power to 0
set up channel groups with Leader and Member, both with join_power higher than the value in step 1, also make sure Leader's join power is higher than Member's
Grant Leader with the power to move user
Done. Once this is complete, the leader can move users into their channel and grant the user with the associated channel groups. When the user is assigned with the associated channel group, they can freely move in and out of the channel at free will.
I am retrieving users for Active directory in Jira 7 by using LDAP. I am trying to reduce the number of users brought from LDAP to a particular group that we have created. So in order to do that i put (objectCategory=group)(cn=WebAgileDevs) in the group object filter along with the default settings. The only thing i change is the Base DN and credentials required. When i save and test it does show me that it is testing 1 group and 15 users which is what i want!(See the screenshot). BUT, when i go and sync it, it brings in 43000 users!! What am i missing???
Test Remote Directory Screenshot
The group filter is used to filter the list of groups that are imported to JIRA, and the user filter is used to filter the list of users that are imported to JIRA. The two need not necessarily correspond. Your group filter would be instructing JIRA to bring in only that one group (into the list of groups), but without further refinement, your user filter will still be pulling in all users, as you noticed. This means that you need to adjust the user filter too.
From your question, you want to import only those users who are a member of a specific group. Atlassian provides some general guidance here.
The last example on that page is particularly relevant for you:
(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=CaptainPlanet,ou=users,dc=company,dc=com))
This tells JIRA to pull in only those user objects that are a member of the group cn=CaptainPlanet,ou=users,dc=company,dc=com. You would want to replace this with your cn=WebAgileDevs (plus whatever trailing qualifiers you need to fully qualify the group name).
I'm trying to modify the access control list of Leave Requests to approve under Leave managements module.
I need to make the Leave Requests to approve menu only accessed by each employee's manager.
ea. if the company has 10 employees under Sales/marketing and 5 employees under IT department. I need the sales manager access his 10 employees' leave requests only and not able to access the rest of company's employees who are not under his authority.
To do it, I modified the record rule domain definition of Leaves officer from [(1,'=',1)] to [('employee_id.parent_id,'=',user.id)]
but it didn't work. How to fix it?
In Your case basically your are totally pass the wrong domain for the record rules.
You are previously using the domain like
[(1,'=',1)] = > Access the all the model record for that model
[('employee_id.parent_id,'=',user.id)] = > Access the Manager parent_id as current user employee only
But in your are accessing only with the manager user only not to access its related user.
so you must have to add the below domain in your record rules:
['|',('employee_id.user_id','=',user.id),('employee_id.parent_id.user_id','=',user.id)]
Basically the manager its self as employee of the company and employee having to attached with its related user.
first Need to understand the following relation :
1. employee_id :
which is indicate the each leave related with one employee.
2. parent_id :
which is indicate the each employee related with one manager for hr.holidays model w[('employee_id.parent_id,'=',user.id)]particular model.hich is called the leave request
3. user_id :
If you want to access the login to the particular employee then and then you must have to set the related user for each employee form.which is labeled as Related User.
4. user :
Which is indicate the global user name means current user which you are currently logged in.
5.id :
means unique id for each record
In your case how the domain will work ?
first it will check the current logged in user as attached current leave employee related user or not.
and then then find the user ids which are having with the same employee attached with the same managers.
It means it will perform the OR operation of SQL Statement for both of the domain.
I hope my answer may helpful for you :)
I have 2 tables action list and priorities. Both tables share few similar attributes namely Category, and Subcategory. ActionList and Priorities have parent child relationship, with Priorities as the parent. There are several things that I want to do. 1. ActionList is semi-independent. 2. ActionList needs to get subcategory and Priorities from KP table. 3. When I do get the subcategory from AL table I want it to be "distinct" So for e.g. I input 4 different categories - Website, ChinaT, EastTiger, and BlueMountain with all of them get repeated twice for different priorities. I already insert distinct but failed. 4. When I click on Priorities dropdown I want it to get filter by subcategories. E.g In KP table Subcat Website has 2 priorites namely Provide Newsletter, and put on video. In ChinaT the priorities are Customer service, and Discussing next step, and on for the other two subcats
Cheers,
Andreas.
Ι am working in database, the think i stop with is that, ex; company with many positions as manager wich he can get 4 courses , team leader wich he can get 3 courses, and regular employee get 2.
what i need to know if need to get messege when each positions reach the limite? as you know i have many team leader and employees.
thank you