top of page
  • Writer's pictureTek Siong, Hock

Odoo CE Accounting - Access Right and Authorization

Updated: Apr 8, 2021

In the standard Odoo CE 12 Accounting, there are 3 primary roles for access right. Prior version of Odoo may used different terms for the following roles:

1) Billing - lowest level, who are assigned to do invoicing and payment (eg, Customer invoice, Vendor bill, Payment and Credit Notes).

Technical ID = account.group_account_invoice

2) Billing Manager - mid level, apart from invoicing and payment, will also access to some financial reports and configuration.

Technical ID = account.group_account_manager

3) Accountant - highest level, with full access to the Accounting module.

Technical ID = account.group_account_user

Click "Like" at the bottom of this blog, to motivate us to continue sharing more Odoo tips.


Accounting access is the most sensitive and critical in any company, and each company has its own organization team, department and access control.

As such, Odoo has the flexibility to customize the access right, with the following:

a) Menu Access

By controlling the visibility of the menu, the user will not be able to access it.

Example below is to allow the access for payment to only Accountant, in the view.

<record id="account.menu_action_account_payments_payable" model=""> <field name="groups_id" eval="[(6,0, [ref('account.group_account_user')])]"/> </record>

Alternatively, you can go to the Technical -> Menu Item.

Search for the menu name, eg, Payment, then add the group that allowed to access the menu.

b) Field Level and Button Access

By controlling the visibility of the button or field, the user will not be able to access it.

Example below is to allow the Invoice Cancel button to be visible to only Accountant/Billing Manager.

<record id="invoice_form_cancel_inherit_goexcel" model="ir.ui.view">
      <field name="name">invoice.form.cancel.inherit.goexcel</field>
      <field name="model">account.invoice</field>
      <field name="inherit_id" ref="account.invoice_form"/>
      <field name="arch" type="xml">
          <xpath expr="//button[@name='action_invoice_cancel']" position="attributes">
              <attribute name="groups">account.group_account_manager,account.group_account_user</attribute>

c) Record Level Access

You may control that salesperson can only see his/her invoices, or in the customer portal, customer will only view his/her invoices or Billing user only see his/her invoices.

You may view this blog for the details.

d) Python Code

The last option is always the python codes.

Example below is to restrict only Accountant/Billing Manager can change the account code in the Account Invoice line.
def _set_access_for_account_code(self):
    if self.env['res.users'].has_group('account.group_account_manager') or self.env['res.users'].has_group('account.group_account_user'):
        self.account_id_readonly = False
        self.account_id_readonly = True
account_id_readonly = fields.Boolean(compute="_set_access_for_account_code")

In the Account Invoice Form.

<xpath expr="//field[@name='account_id']" position="attributes">
      <attribute name="groups"/>
      <attribute name="attrs">{'readonly':[('account_id_readonly','=',True)]}</attribute>

Click "Like" at the bottom of this blog, to motivate us to continue sharing more Odoo tips.

234 views0 comments

Recent Posts

See All


bottom of page