Open ERP and Open Object Community Wiki

Community Days: 26-27 June/Security

Attendees

  • Christophe <christophe@tinyerp.com>
  • Jean-Baptiste <jean-baptiste.aubort@camptocamp.com>
  • Vincent (c2)

Base principle

  • The Administrator group can only administrate (menu Administration, full access)
  • The ERP Manager group can only administrate the users of the ERP (with some restrictions)
  • When a module creates its groups, the Management group is added to the admin user (base.user_admin). Example:
<record id="base.user_admin" model="res.users">
    <!-- (4, id) links an existing group to the user and keeps the groups already set -->
    <field eval="[(4, ref('group_production_manager')), (4, ref('group_production_worker'))]" name="groups_id"/>
</record>

Groups

  • group_admin (Administrator): Can access all the administration (users, modules...)
  • group_erp_manager (ERP Manager): Can only access the user administration, but cannot set a user as Admin, himself included (see TODO)
  • group_hr_manager (Human Resource Manager)
  • group_employee (Employee)
  • group_salesman (Salesman)
  • group_sales_manager (Sales Manager)
  • group_crm_user (CRM User)
  • group_crm_manager (CRM Manager)
  • group_currency_user (Currency User)
  • group_currency_manager (Currency Manager)
  • group_partner (Partner Contact)
  • group_partner_manager (Partner Manager)
  • group_project_manager (Project Manager)
  • group_project_member (Project Member)
  • group_stock_manager (Stock Manager)
  • group_supply_manager (Supply Manager)
  • group_production_manager (Production Manager)
  • group_account_manager (Accounting Manager)
    • group_account_payment (Payment)
    • group_account_statement (Statement)
    • group_account_sales_inventory (Sales inventory)
    • group_account_purchase_inventory (Purchase inventory)

Groups proposal

  • Administration/Workflow Manager
  • Administration/Translations Manager

Correspondence with the C2C CSV list

  • gr_user -> Employee
  • gr_none -> ()
  • gr_vente -> Salesman / Sales Manager
  • gr_crm -> CRM
  • gr_crm_manager -> CRM Manager
  • gr_project -> Project Manager
  • gr_compta -> Accounting Manager
  • gr_stock -> Stock Manager
  • gr_hr -> Human Resource
  • gr_supply -> Supply Manager
  • gr_product -> Product Manager
  • gr_production -> Production Manager
  • gr_erpmanager -> ERP Manager
  • gr_admin -> Administrator
  • gr_fin_payment -> Accounting Payment
  • gr_fin_statment -> Accounting Statement
  • gr_fin_sales_inv -> Accounting Sales inventory
  • gr_fin_purchase_inv -> Accounting Purchase inventory

New groups:

  • Partner Contact
  • Partner Manager

What has been done

  • user groups: rename "admin" group - r8677 (C2C)
  • user groups: drop "user" group (unused) - r8677 (C2C)
  • user groups: add a comment field - r8678 (C2C)
  • by default, a user has no access - r8679
    • I know, now the trunk version is unusable because nobody has access...
    • lucky you, a bug allows you to still read objects
  • bugfix in the client: no more crash when the users cannot access the shortcuts - r8680

TODO

  • Only a user in the Administration group can assign a user to the Administration group (see C2C patch)
  • Warning if a model doesn't set at least one access right. Possibility to deactivate this check (for specific internal models)
  • Warning/notice if access rights are added to the administration group (no need)
  • Programmatically hide a menu entry if there is no right to see the object/module (auto-hide menu)
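
A sketch of the two warning checks from the TODO list, added here as an example (not code from the wiki or from Open ERP). It assumes access rules are declared in the ir.model.access.csv column layout; the sample rows, the model names and the audit_access function are constructed for the illustration.

```python
import csv
import io

# Constructed sample rows in the ir.model.access.csv layout (an assumption:
# the page does not show this file). Model names are made up for the example.
SAMPLE_ACCESS_CSV = '''"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink"
"access_production_manager","production manager","model_mrp_production","group_production_manager",1,1,1,1
"access_production_worker","production worker","model_mrp_production","group_production_worker",1,0,0,0
"access_users_erp_manager","users erp manager","model_res_users","group_erp_manager",1,1,1,0
"access_users_admin","users admin","model_res_users","group_admin",1,1,1,1
"access_bom_worker","bom worker","model_mrp_bom","group_production_worker",0,0,0,0
'''

# Constructed list of the models the audited modules declare.
DECLARED_MODELS = ["model_mrp_production", "model_res_users",
                   "model_mrp_bom", "model_ir_internal_cache"]

PERM_COLUMNS = ("perm_read", "perm_write", "perm_create", "perm_unlink")


def audit_access(csv_text, declared_models, admin_group="group_admin",
                 skip_models=()):
    """Return (warnings, notices).

    warnings: declared models for which no rule grants any permission,
              minus the models listed in skip_models (check deactivated).
    notices:  ids of rules attached to the administration group, which the
              TODO list marks as not needed.
    """
    covered = set()
    notices = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A rule whose four permission flags are all 0 grants nothing.
        if any(row[col].strip() == "1" for col in PERM_COLUMNS):
            covered.add(row["model_id:id"])
        if row["group_id:id"] == admin_group:
            notices.append(row["id"])
    warnings = [m for m in declared_models
                if m not in covered and m not in skip_models]
    return warnings, notices


if __name__ == "__main__":
    warnings, notices = audit_access(SAMPLE_ACCESS_CSV, DECLARED_MODELS,
                                     skip_models={"model_ir_internal_cache"})
    for model in warnings:
        print("WARNING: no access right set for", model)
    for rule_id in notices:
        print("NOTICE: rule on administration group:", rule_id)
```

A rule row with all four permission flags at 0 is treated as granting nothing, so model_mrp_bom is reported even though a row exists for it.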
© 2001-TODAY Tiny sprl. All rights reserved.
OpenERP and OpenObject are trademarks of the Tiny company.
They both are released under GPL V2.0.