yajo
commented
8 months ago I want to clarify that this only applies to Odoo 16+ because it was in this version that Odoo added the credit limit feature in https://github.com/odoo/odoo/pull/83205. In previous versions there might still be some inconsistency, but we didn't check.
Views should be managed with standard permission: billing, full accounting and accounting manager
I agree.
Indeed this permission level seems to be completely useless now: https://github.com/OCA/credit-control/blob/28365672d0e1c75baa1d991f43107cc80c0cf897/account_financial_risk/security/security.xml#L7-L11
By removing it, we'd be able to undo the inconsistency. This way, also, installing other modules that used that core Odoo feature would be able to follow core permissions model without having to deal with the fact that there's an OCA module that introduces a separate permissions model.
Approve or not a sale or invoice which is blocked by exceded risk should be manager with a special security group as is in this moment with Financial Risk Manager
This also seems a good solution to me. It's about this permission, and it is still useful: https://github.com/OCA/credit-control/blob/28365672d0e1c75baa1d991f43107cc80c0cf897/account_financial_risk/security/security.xml#L12-L22
These users will be able to:
- Set up specific limits (not warnings, like upstream Odoo does (although they call them limits)).
- Skip those limits in specific occasions.
However, be warned that any other billing/full-accounting user would still be able to edit the global limit, just like with upstream Odoo. This is a bit inconsistent too, but at least it seems the lesser evil, given the current situation.
The module account_financial_risk would be adding that group and at the same time giving it some functionality, so it makes sense in that regard too.
Thanks for the analyisis and detailed explanation @rafaelbn.
github-actions[bot]
Hello,
We've observed an inconsistency regarding the visibility and editability of the "Financial Risk" tab within Odoo's billing and financial risk management functionalities. Specifically:
Billing Users & Financial Risk Permissions: Billing users, without manager permissions in the financial risk security group, cannot view or edit the "Financial Risk" tab. However, granting them manager permissions allows approval of invoices exceeding the limit, despite not having access to view or configure the tab directly.
Billing Managers & Access Restrictions: Billing managers can view the "Financial Risk" tab but are unable to edit it unless they have manager-level permissions in the financial risk security group.
User Group Utility in Financial Risk: The user-level security group for financial risk appears to provide no functional access or editing permissions for the "Financial Risk" tab, which seems redundant as Odoo natively allows write permissions on the credit limit field.
This setup raises questions about the intended utility and differentiation of access levels, particularly for the user-level group in financial risk management. It seems there's an opportunity to clarify or enhance the role and permissions associated with these security groups to ensure a more intuitive and functional access control system.
Could we discuss potential adjustments or clarifications to these security group permissions to better align with user roles and operational needs?
@yajo My 5 minutes (2x) vídeo around this topic: https://www.loom.com/share/c5e4b5298817425cac51be278079f50e?sid=3204edc3-e49a-40b1-94e3-7a554dcb51d6
My conclusion is:
@moduon MT-4827 @yajo