About Stock Access Rules


Stock Access Rules is an Odoo app, which allows managing users' access to internal locations and product stocks. The module lets you control movements and organizes geographically distributed warehouse systems in a better way.

The tool regulates rights for internal locations, available inventories (stock quants), inventory transfers (stock pickings), operation types (stock picking types), product moves, and stock moves. A user will be able to manage only those internal locations and related to those locations' stocks, and operations to which the access will be granted.

Define allowed users for Odoo locations or available locations for users. No other users would access those locations. If a location does not have allowed users, such location is 'global' - everybody can access that. If a user has rights to a location, such a user has rights also to all its child locations.

The rules work for everybody. Only users with the special right 'Super Warehouse Manager' are not influenced. Those users would have access to all locations and related documents disregarding settings.

The app is fully compatible with other Odoo Core Apps, including Point of Sale (POS). The tool also supports multi companies' environments.

Per-user restrictions

 

Secured warehouse management 

Full coverage and super rights 

Compatible with Odoo standard feature 



Managing the Locations Access


Define both allowed users for Odoo locations and available locations for users. After that, no other users will be able to access these locations. 

To define allowed users for location:

1. Open the Inventory app and go to Configuration > Locations or find the section 'Warehouses' in the Inventory settings and click 'Locations' (To turn on the locations option, tick the box 'Stock Locations' in the Inventory settings', section 'Warehouses'. The right to see locations belongs to the role 'Warehouse Manager')

2. Choose the location

3. Assign the allowed users in the field 'Own Allowed Users'


To define available locations for users:

1. Go to General Settings

2. Click 'Manage users'

3. Open a user

4. Go to the tab 'Preferences'

5. Find the section 'Available Locations'

6. Assign one or several locations for the user


Users with access to a location have access to all related child locations. So, these users will be automatically stated in the field 'All Allowed users' of all child locations.

Some child locations may have their own allowed users, in this case, you will see those in the field 'Own Allowed Users' as you edit the location. These users have access to this location and its children, but not to the parent ones.

When a parent location has its allowed users, they are also inherited by the child locations and are also written on the child location card in the field 'All Allowed Users'.

For example, we have the location 'WH' with no allowed users, so it is 'global' and can be accessed by anyone. Its child location 'WH' has some allowed users (Abigail Peterson, Anita Oliver), so only these users can access it and all its children. The location 'Stock' has a child 'Terminal 1' which inherits the parent's allowed user (Abigail Peterson, Anita Oliver) and also its own users (Doris Cole). Thus, all allowed users of 'Stock' (Abigail Peterson, Anita Oliver) can also access the location ' Terminal 1', however, own users of 'Terminal 1'  (Doris Cole) can access only this location and its children. The location 'Terminal 1' has a child location 'Zone' which has no own allowed users, however, it will inherit the allowed users of all the previous locations (Abigail Peterson, Anita Oliver, Doris Cole), they will be stated in the field 'All Allowed Users' and will have the access to the location 'Zone'. So, although the location 'Zone' has no own allowed users, it will not be 'global' as will inherit allowed users from all the parent locations. 

This structure will look the following way:

WH - 'global' location

WH/Stock - Own Allowed Users: Abigail Peterson, Anita Oliver

WH/Stock/Terminal 1 - All Allowed Users: Abigail Peterson, Anita Oliver; Own Allowed Users: Doris Cole

WH/Stock/Terminal 1/Zone - All Allowed Users: Abigail Peterson, Anita Oliver, Doris Cole; no Own Allowed Users

Keep in mind, that you can't manage the allowed users of a parent location, from the child locations. For example, you cannot delete allowed users of the location WH/Stock/Terminal 1/Zone as they were assigned to other locations and are inherited by this one.


If an internal location does not have allowed users, such location is 'global'. Hence, everybody can access it. Keep in mind, that once allowed users are stated to the parent location, they will also be applied to all child locations. So, they will not be 'global' anymore.

To make a closed location available again for all users, just delete all related users from the field 'Own Allowed Users', so not a single user is stated in the field 'All Allowed Users'. 

Restriction rules are applied for all users except Super Warehouse Managers (see Super Warehouse Manager).

It is possible to restrict access only to internal locations. The access to other location types, for example, virtual locations, is not influenced by the module and, thus, is regulated by the standard Odoo tools.

The module regulates access rights only to internal locations.




Inventory levels and Operations


The tool regulates rights for locations, available inventories (stock quants), inventory transfers (stock pickings), operation types (stock picking types), product moves, and stock moves. 

If a user has access to some internal locations, then he or she will be able to check the products' stock in those. The stock from the locations to which a user has no access is not shown to the user, so the number of products will be equal to 0.

When a user has the role 'Super Warehouse Manager', then he will be able to see all the inventory levels of a product.

For example, the total stock of the product 'Drawer' is 454 units in various locations. The sales manager Anita Oliver has access to only 4 of those locations. So, she sees the stock only in these locations, and that is 99 units.


The list of available operations types for a user is based on access rights to the internal locations. To see an operation, a user has to have access to both: the default source location and the default destination location.

If a user has no access to both locations, then the related operation types will not be seen by the user.

When one of the required locations is, for example, a virtual location and the other is internal, the access to the operation type will be defined according to the internal location. So, if a user has access to the internal location, he or she will be able to see the operation type.

When there are no restrictions (both locations are global), then such operation types can be seen by all users.

If a user has the role 'Super Warehouse Manager', then he will be able to see all operations types regardless of the settings.


The access to inventory transfers is also based on access to internal locations. To see the inventory transfer, a user has to have access to both the destination location and the source location. 

If a user has no access to both locations, then the related inventory transfers will not be seen by the user.

If there is an inventory transfer between an internal location and, for example, a virtual location, then the access right is defined according to the internal location. So, if a user has access to the internal location, he or she will be able to see the inventory transfer.

When there are no restrictions (both locations are global), then such inventory transfers can be seen by all users.

If a user has the role 'Super Warehouse Manager', then he will be able to see all inventory transfers regardless of the settings.

The list of available product moves is different for various users. To see the product move, a user should have access to both locations: the one stated in the field 'From' and the one stated in the field 'To'.

If a user has no access to both locations, then the related product moves will not be seen by the user.

If there is a product move between an internal location and, for example, a virtual location, then the access right is defined according to the internal location. So, if a user has access to the internal location, he or she will be able to see the product move.

When there are no restrictions (both locations are global), then such product moves can be seen by all users.

If a user has the role 'Super Warehouse Manager', then he will be able to see all product moves regardless of the settings.

A user can also see stock moves. However, only stock moves related to accessible locations will be shown. The user should have access to both the source location and destination location.

If a user has no access to both locations, then the related stock moves will not be seen by the user.

If there is a stock move between an internal location and, for example, a virtual location, then the access right is defined according to the internal location. So, if a user has access to the internal location, he or she will be able to see the stock move.

When there are no restrictions (both locations are global), then such stock moves can be seen by all users.

If a user has the role 'Super Warehouse Manager', then he will be able to see all stock moves regardless of the settings.


It is possible to avoid checks when a moves chain according to the push rules is created. This way, users will be able to validate transfers between the source and destination locations to which they have access, even if they do not have access to the final destination according to the push rules. For that:

1. Go to the Inventory Configurations page

2. Find the section 'Stocks Access Rules' and enable the option 'Push Rules: Avoid Security Checks'.

After that, push rules will be applied under the SuperUser (sudo). This way, it becomes possible to bypass security checks when generating the moves chain assumed by advanced push routes.




Super Warehouse Manager


The rules work for everybody. Only users with the special right 'Super Warehouse Manager' are not influenced. Those users would have access to all locations and related documents disregarding settings.

To assign a 'Super Warehouse Manager':

1. Go to General Settings

2. Click 'Manage users'

3. Choose a user

4. Find the section Inventory

5. In the field 'Inventory' choose 'Super Warehouse Manager'