Security Groups & Access¶
Konfigurasi hak akses dan record rules pada Edig Expense.
Groups Hierarchy¶
group_expense_admin (Administrator)
+-- implies: group_expense_finance
+-- implies: group_expense_hr
group_expense_finance (Finance Approver)
+-- implies: group_expense_user
group_expense_hr (HR Approver)
+-- implies: group_expense_user
group_expense_user (User)
+-- implies: base.group_user
Record Rules¶
| Rule | Domain | Groups |
|---|---|---|
| User - own | employee_id.user_id = user.id |
user |
| Manager - team | employee_id.user_id = user.id OR employee_id.parent_id.user_id = user.id |
user |
| HR/Finance/Admin | (1, '=', 1) (semua) |
hr, finance, admin |
Model Access¶
| Model | User | HR | Finance | Admin |
|---|---|---|---|---|
edig.expense |
CRUD (no delete) | CRUD (no delete) | CRUD (no delete) | Full |
edig.expense.line |
Full | Full | Full | Full |
edig.expense.zona.rate |
Read only | Read only | Read only | Full |
edig.expense.kota |
Read only | - | - | Full |
Penting
User biasa tidak bisa menghapus expense. Hanya Admin yang memiliki full access termasuk delete.
Selanjutnya: Bridge Module | Sebelumnya: Accounting & Journal Entry