Not everyone in a business should be able to do and see everything in its system. Users and access rights govern who can do what. This piece is about managing them in Odoo.
Users and access rights
In Odoo, a user is a person who uses the system, with their own access. Access rights govern what a user can do and see: which parts of Odoo they can use, what they can view, what they can change. Managing users and access rights means managing who the system's users are and what each is able to do and see within it.
Why access has to be managed
Access has to be managed because not every person in a business should be able to do and see everything in its system. Different people have different roles, and a person's access should match their role: they should be able to do and see what their role requires, and no more. Unmanaged access, where everyone can do and see everything, is a real problem: people can do and see things their role does not warrant, which is a risk to the security of the business's information and to the integrity of what is in the system. Managing access rights is how a business ensures each person's access matches their role.
The principle: access matched to the role
The guiding principle in managing users and access rights is that a person's access should match what their role needs. A person should be given the access their role requires to do their work, and not access beyond that. This is sometimes put as giving each person the access they need and no more. Managed this way, each person can do their work; the system's information and integrity are protected, because no one has access their role does not warrant; and access across the business reflects who should be doing and seeing what.
Managing access in Odoo
Odoo governs access through users, who have access rights, and groups, which are how access is organised. A group corresponds to a kind of access, so a user can be given the access of the groups appropriate to their role. Managing users and access rights in Odoo means setting up users for the business's people and giving each, through the appropriate groups, the access their role requires. The aim is that each person's access matches their role.
Access management is ongoing
An honest note. Managing users and access rights is not done once; it is ongoing, because the business's people change and people's roles change. New people need users set up with the right access; people who leave should no longer have access; people whose roles change should have their access change to match. Managing access well means keeping users and access rights current as the business's people and their roles change. Access kept current reflects who should be doing and seeing what; access allowed to drift does not.
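The ongoing review described above amounts to comparing three things: who is currently on staff, which groups each role requires, and which groups each user actually holds. The following is an added example, not code from this article or from Odoo; the logins, roles, role-to-group baseline and group names are constructed for illustration.

```python
# Added example: every login, role and group name below is constructed.
ROLE_GROUPS = {  # assumed baseline: the groups each role requires
    "sales_rep": {"Sales / User: Own Documents Only"},
    "accountant": {"Accounting / Billing"},
}
ROSTER = {"alice": "sales_rep", "bob": "accountant", "erin": "sales_rep"}  # current staff -> role
USERS = [  # shaped like a user export: login, active flag, group names
    {"login": "alice", "active": True, "groups": {"Sales / User: Own Documents Only"}},
    # bob moved from sales to accounting and kept his old sales group
    {"login": "bob", "active": True,
     "groups": {"Accounting / Billing", "Sales / User: Own Documents Only"}},
    # carol has left the business but her user was never archived
    {"login": "carol", "active": True, "groups": {"Administration / Settings"}},
    # dave has left and was archived correctly
    {"login": "dave", "active": False, "groups": {"Sales / User: Own Documents Only"}},
]


def review_access(users, roster, role_groups):
    """Return sorted (login, issue, groups) findings where access has drifted from role."""
    findings = []
    active_logins = set()
    for user in users:
        if not user["active"]:
            continue  # archived users cannot log in, so there is nothing to revoke
        login, held = user["login"], set(user["groups"])
        active_logins.add(login)
        if login not in roster:
            # a leaver who still has a working user: all held access is unwarranted
            findings.append((login, "left_but_active", sorted(held)))
            continue
        expected = role_groups.get(roster[login], set())
        if held - expected:
            findings.append((login, "excess_access", sorted(held - expected)))
        if expected - held:
            findings.append((login, "missing_access", sorted(expected - held)))
    # staff with no working user: a new starter still waiting to be set up
    for login, role in roster.items():
        if login not in active_logins:
            findings.append((login, "no_user", sorted(role_groups.get(role, set()))))
    return sorted(findings)


if __name__ == "__main__":
    for login, issue, groups in review_access(USERS, ROSTER, ROLE_GROUPS):
        print(f"{login:6} {issue:16} {', '.join(groups)}")
```

An empty result means every active user holds exactly the groups their current role calls for.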
The takeaway
Managing users and access rights in Odoo governs who can do and see what. Access has to be managed because not everyone should be able to do and see everything; when they can, it is a risk to the security and integrity of the business's information. The guiding principle is that a person's access should match what their role needs, and no more. Odoo governs access through users, access rights, and groups, and managing it well means each person's access matches their role and is kept current as people and roles change. For how we approach Odoo, see our ERP practice.