[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Health] Tryton Access Rules | Defaults for defined user groups

From: Christoph H. Larsen
Subject: Re: [Health] Tryton Access Rules | Defaults for defined user groups
Date: Sun, 22 Jan 2012 08:40:12 +0430
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110820 Iceowl/1.0b2 Icedove/3.1.12

Hi Ronald,

Thanks a lot for your prompt reply.

On 22/01/12 02:38, ronald munjoma wrote:
> Hi Chris,
> On 21 January 2012 13:38, Christoph H. Larsen
> <address@hidden <mailto:address@hidden>>
> wrote:
>     Dear Crowd,
>     The problem: I have set up a range of "Parties", including patients,
>     employees , insurance companies and institutions.
>     Likewise, I have a number of user groups, such as "Human Resources",
>     "Patient Registration", etc.
>     Evidently, we want to make sure that the guys in Human Resources canot
>     snoop on the patient core daty put down by "Patient Registration' in
>     Parties.
>     Hence, I used the access model "Party" for both "Human Resources" and
>     "Patient Registration", and defined access rules like:
>     Human Resources can see those objects in the Party model, if the field
>     is_institution = False AND if the field is_insurance_company = False AND
>     if the field is_patient = False. Sounds easy, but it is not: The Rules
>     in the Access Permissions tab of Groups can only do OR, not AND, or this
>     is what I believe, as I cannot string conditions together. It does not
>     make any difference, whether I put all conditions into ONE rule, or have
>     sequential rules with single conditions set up. Any ideas?
In a nutshell, my question is: How can I do AND conditional roles for
access to an object specified in -> Groups -> Access Permissions ->
Access Model or Access Field? The mechanism in -> Groups -> Access
Permissions -> Rules seems to do only OR, i.e. becomes effective,
whenever ANY of the rules I set is satisfied. This is a bit of a weird
restriction, and bad for record safety ;-). Have I missed something? It
seems that the threads you mentioned do not address this issue.
>     Also, for the group "Patient Registration", I would love to have the
>     fields is_patient and is_person set to TRUE, both to make life easier,
>     and to prevet the locking the patient registration staff from locking
>     themselves out of party records, when they forget to set is_patient to
>     TRUE. Any way how to define default values in Tryton?
Any ideas regarding how to set default values for specific fields? Here
you can see my glaring lack of knowledge ;-)
> Some what similar requirements were discussed on the list before, there
> is a proposal to have acess roles by default, see task
> #11368: 
> Find below previous discussions (hope they address your issues):
> and
Yes, I am well aware of the old OpenERP heritage of even denying access
rights to admin, once access to an object has been modified. Hence, I
always create universal access to the respective object for admin FIRST,
and then restrict it further for the group(s) in question. No worries
about that one...
> Regards
> Ronald 
>     Thanks a millions, and best regards from Kabul -
As always, thanks a lot, indeed!
>     Chris

reply via email to

[Prev in Thread] Current Thread [Next in Thread]