odoo-addons/addons/cetmix_tower_server/security/cx_tower_key_security.xml

<?xml version="1.0" encoding="utf-8" ?>
<odoo>
    <!-- Manager Read Rules -->
    <record id="rule_key_manager_read_users" model="ir.rule">
        <field name="name">Key: Manager Read Access - Users/Managers</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field
            name="domain_force"
        >['|', ('user_ids', 'in', [user.id]), ('manager_ids', 'in', [user.id])]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="1" />
        <field name="perm_write" eval="0" />
        <field name="perm_create" eval="0" />
        <field name="perm_unlink" eval="0" />
    </record>

    <record id="rule_key_manager_read_secret" model="ir.rule">
        <field name="name">Key: Manager Read Access - Secret Type</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">[('key_type', '=', 's')]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="1" />
        <field name="perm_write" eval="0" />
        <field name="perm_create" eval="0" />
        <field name="perm_unlink" eval="0" />
    </record>

    <record id="rule_key_manager_read_ssh" model="ir.rule">
        <field name="name">Key: Manager Read Access - SSH Key</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">[('key_type', '=', 'k'), '|',
            ('server_ssh_ids.user_ids', 'in', [user.id]),
            ('server_ssh_ids.manager_ids', 'in', [user.id])]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="1" />
        <field name="perm_write" eval="0" />
        <field name="perm_create" eval="0" />
        <field name="perm_unlink" eval="0" />
    </record>

    <!-- Manager Write/Create Rules -->
    <record id="rule_key_manager_write_managers" model="ir.rule">
        <field name="name">Key: Manager Write/Create Access - Managers</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">[('manager_ids', 'in', [user.id])]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="0" />
        <field name="perm_write" eval="1" />
        <field name="perm_create" eval="1" />
        <field name="perm_unlink" eval="0" />
    </record>

    <record id="rule_key_manager_write_ssh" model="ir.rule">
        <field name="name">Key: Manager Write/Create Access - SSH Key</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">['&amp;', ('key_type', '=', 'k'),
            ('server_ssh_ids.manager_ids', 'in', [user.id])]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="0" />
        <field name="perm_write" eval="1" />
        <field name="perm_create" eval="1" />
        <field name="perm_unlink" eval="0" />
    </record>

    <!-- Manager Delete Rules -->
    <record id="rule_key_manager_unlink_managers" model="ir.rule">
        <field name="name">Key: Manager Delete Access - Managers</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field
            name="domain_force"
        >[('manager_ids', 'in', [user.id]), ('create_uid', '=', user.id)]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="0" />
        <field name="perm_write" eval="0" />
        <field name="perm_create" eval="0" />
        <field name="perm_unlink" eval="1" />
    </record>

    <record id="rule_key_manager_unlink_ssh" model="ir.rule">
        <field name="name">Key: Manager Delete Access - SSH Key</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">[('key_type', '=', 'k'),
            ('server_ssh_ids.manager_ids', 'in', [user.id]),
            ('create_uid', '=', user.id)]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_manager'))]" />
        <field name="perm_read" eval="0" />
        <field name="perm_write" eval="0" />
        <field name="perm_create" eval="0" />
        <field name="perm_unlink" eval="1" />
    </record>

    <!-- Root Access Rule -->
    <record id="rule_key_root" model="ir.rule">
        <field name="name">Key: Root Full Access</field>
        <field name="model_id" ref="model_cx_tower_key" />
        <field name="domain_force">[(1, '=', 1)]</field>
        <field name="groups" eval="[(4, ref('cetmix_tower_server.group_root'))]" />
    </record>
</odoo>