Hi Stefano:
One way to do this would be to do the following:
Ensure that the user with Administration / Access Rights does not have Extra Rights / Technical Features privileges. This will prevent the user from using the Settings > Users & Companies > Groups menu item to add a user directly to a security group.
Customize the "Users" form and make the Administration field accessible only to users in the Administration / Settings group by adding a groups="base.group_system" attribute to the field.
Earlier, I had tried to do it myself, but that was too technical and time-consuming for me.
But after some research, I found this module on Odoo app store. Here is the link
https://apps.odoo.com/apps/modules/16.0/restrict_access_right_user
Hope it helps.
Hello,
I am using Odoo 14 Community Edition.
Can someone show me, please
where I can find the Administration / Settings to add groups = "base.group_system"?
Many Thanks
I don't think it is possible (as standard).
You are right that once you grant a user access to Administration (either of the two user access groups) you are giving them the ability to manage both Settings and User Access.
In a typical Odoo implementation this is probably OK, because you wouldn't have two separate people needing access to settings and user access. Do you have a requirement to set it up that way?
The method proposed from Paresh worked nice, thanks!
I also needed a couple of additional steps, because after this the user with "Access Rights" group is still able to clone/edit an user with "Settings" group, so:
added a record rule for the group "Access rights" to prevent edit all the users except administrator.
added a record rule for the group "Settings" to give the possibility to edit user adminstrator.
I don't think adding record rules will do the job because as long as the group "Access Rights" can edit record rules, it can modify all the security
