📖 update docs

access_restricted/README.rst

@@ -2,18 +2,32 @@
    :alt: Tested and maintained by IT Projects Labs
    :target: https://itpp.dev
 
+
 Restricted administration rights
 ================================
 
-The module makes impossible for administrator to set (and see) more access rights (groups) than he already has.
-The only partial exception of this rule is made if you are already a member of the 'Allow add implied groups from settings' security group.
-Then you are allowed to escalate your privileges but just from ``Settings`` menus (by means of ``group_XXX`` boolean fields of ``res.config.settings`` models views).
+The module hides from an **Internal User** all groups where he is not added to. 
+So, he cannot add himself to any **groups** 
+and cannot grants other users more access rights than he has himself.
+
+This module adds a special group **'Allow add implied groups from settings'** whose users
+can grant other users more access rights by adding them to the same group.
+
+Also using this module, you can restrict access to change some settings of the other modules (e.g. CRM, Sales etc.), 
+because modules often make features optional by restricting them to users of certain groups.
 
-This doesn't affect superuser, of course.
 
 Typical usage of the module.
 ----------------------------
 
-The superuser creates an administrator user without access group "Show Apps Menu" (see **access_apps** module). Then the administrator has access to settings, but not able to install new apps (without this module he can add himself to "Show Apps Menu" and get access to apps).
+This example requires **access_apps** module `be installed <https://apps.odoo.com/apps/modules/14.0/access_apps/>`_.
+
+- The superuser creates an admin user without any ``Apps Access`` option in its settings. Then the admin has access to settings, but not able to install new apps.
+
+
+- Without this module, the admin can change the option to ``Apps access: Allow installing apps`` and get access to apps management.
+
+
+
 
 Tested on `Odoo 14.0 <https://github.com/odoo/odoo/commit/c16d4b5e7b9181c2c792f595a117de10510d45be>`_

access_restricted/doc/index.rst

@@ -5,30 +5,58 @@
 Installation
 ============
 
-* `Install <https://odoo-development.readthedocs.io/en/latest/odoo/usage/install-module.html>`__ this module in a usual way
+* `Install <https://odoo-development.readthedocs.io/en/latest/odoo/usage/install-module.html>`__ this module in a usual way.
 
 Configuration
 =============
 
-* By default all users except a superuser restricted to escalate the privileges
-* There is only one configuration option this module provides. Under superuser open menu ``[[ Settings  ]] >> Users & Companies >> Users``
-* In ``Access Rights`` tab you can select 'Allow add implied groups from settings' -
-  to allow some users to configure modules by means of ``group_XXX`` fields from ``Settings`` menus
+**IMPORTANT NOTE:**  After installing the module, only superuser can see all the groups without limitations. 
 
+This module allows certain users to configure modules from ``[[ Settings ]]`` 
+menu using boolean fields which ``Field`` value starts with a **group_** 
+`(This info is displayed when hovering over the option name if developer tools is enabled)`
+
+The only users who are in special group **'Allow add implied groups from settings'** 
+have access to make changes in forbidden for others fields. 
+
+There is only one configuration option this module provides:
+
+- Under superuser open  ``[[ Settings  ]] >> Users & Companies >> Users``  and select user's profile 
+- In ``Access Rights`` tab activate 'Allow add implied groups from settings'
+
+The user is then allowed to add additional access groups for himself 
+by using the Boolean settings fields. `(res.config.settings models views)`
+
 Usage
 =====
+Let's take an example of using this module and **Sales** module (sale_management).
+
+**Without this module installed:**
+
+Say you have a user with administration rights ``Administration: Access Rights``.
+This user thus may increase his own rights in ``Access Rights > Sales`` 
+from ``Sales: User: Own Documents Only`` to ``Sales: Administrator``.
+
+Also he can open menu ``[[ Sales ]] >> Configuration >> Settings`` and 
+select Customer Addresses (**group_** sale_delivery_address) there and then click ``[Apply]`` button 
+
+
+**With this module installed:** 
+
+The example user cannot increase their privileges.
+There is no ``Sales: Administrator`` option for it and for this reason 
+there are no module settings, including the 
+``Client Addresses`` option.
+
+============
 
-Let's take ``Sales (sale_management)`` module as an example.
+To activate the ``Customer Addresses`` option, the user must be:  
 
-Without this module installed:
+- with administration rights ``Administration: Settings`` and also with ``Sales: Administrator`` rights
 
-* Say you have a user with administration rights ``Administration: Access Rights``. This user thus may increase his own rights in ``Application Accesses`` from ``Sales: User: Own Documents Only``
-  to ``Sales: Administrator``. Also he can open menu ``[[ Sales ]] >> Configuration >> Settings`` and select ``Customer Addresses`` there
-  and then click ``[Apply]`` button (adding ``group_sale_delivery_address``)
+- is included in the **'Allow add implied groups from settings'** group.
 
-With this module installed:
+The screenshot shows a user who is not included to 'Allow add implied groups from settings' group 
+and therefore cannot activate the ``Customer Addresses`` option.
 
-* The user from previous example cannot increase his privileges. There is no ``Sales: Manager`` option for him, and also no ``Customer Addresses``
-  option in module configuration
-* The only exception is done for users who are in special group 'Allow add implied groups from settings' - if your user is included in this group by the superuser then you may select
-  ``Customer Addresses`` from ``Sale`` module ``Configuration >> Settings`` menu
+.. image:: access_restricted_screenshot.png