Access Denied on Res Partner on 7.0
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Odoo Server (MOVED TO GITHUB) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Dear All,
As Administrator, I create a record rule to restrict access to contacts. Bellow the rule definition for object "res.partner":
['|','|
Read access only. Then, I attached the "See Own leads" group to this rule.
When I user of this group try to tape any in the "select (search) bar" of the Sales/Clients menu, He got the following error:
Acces denied
The requested operation cannot be completeddue to security restrictions ...
Document type: Partner, Operation: Read)
I tried this in a new & empty database. I create an New user (user2) attached to group "See Own Leads".
We created 2 partners. Test1 and Test2 with user_id as admin and user2.
I logged as User2. From menu "Sales/Clients:
Scenario 1:
- I taped in the search bar the letter "t" which is in Test1 and Test2 partner name) ==>
Acces denied
The requested operation cannot be completeddue to security restrictions ...
Document type: Partner, Operation: Read)
- I taped in the search bar the letter "k" which is not in Test1 and Test2 partner name) ==> no problem!!!
| description: | updated |
| description: | updated |
| description: | updated |
| Olivier Dony (Odoo) (odo-openerp) wrote | #1 |
| information type: | Private Security → Public |
Hi,
This looks like a consequence of bug 1094212, so I'm marking it as a duplicate.
PS: please don't check the "Security Vulnerability" option when reporting a bug unless you bug report really describes a possible security vulnerability (typically a bug that can be exploited to gain elevated privileges or execute unauthorized operations).