Assign ir.model.field.access rights according to a domain like for ir.rule

Hi there,

I store confidential data about the employees of my company by overriding the company.employee model in my module.

So, I want the users in “Employee Administration” group see all employees and all information about these (no restrictions), and the users without this group see some employees (that I define thanks to and ir.rule models by putting domains), certain informations about the others employees but all information about themselves.

My issue takes place on this last point: I can grant access to a field to a group, but i can’t grant access to a field according to a domain like for ir.rule, to tell Tryton “If the employee is the employee linked to the authenticated user, then grants read to all fields.”

Is there a way to do that? Maybe by the a piece of code instead of the XML definition of the access rights ?

Thank for help.

No because views are static.

You must store confidential data in a different model.

So a kind of company.employee.details or company.employee.confidentials model on which I applie a ir.rule to let only the employee himself and Employees Administrators access it… Interesting!