Add permission to group (or find where is the problem)

Question

I have this message:

The requested operation can not be completed due to security restrictions. Document type: Employee (hr.employee) Operation: read User: 23 Fields: - contract_id (allowed for groups 'Employees / Officer')

I would not like to add the user to the mentioned group because I want to restrict his actions, and this group has too many permissions. How can I know what permission is required for that specific field?

UPDATE

Create a module with just these lines. I am trying to overwrite the field by deleting the group but it doesn't work for me. What am I doing something wrong?

# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.

from odoo import api, fields, models
from odoo.osv import expression


class Employee(models.Model):
    _inherit = "hr.employee"

    contract_id = fields.Many2one('hr.contract', string='Current Contract',
        domain="[('company_id', '=', company_id)]", help='Current contract of the employee')

Answer 1

Odoo is nice for once and is telling you which field on which model is restricted. So in this case you should look into the field definition and will find:

contract_id = fields.Many2one(
    'hr.contract', string='Current Contract',
    groups="hr.group_hr_user",
    domain="[('company_id', '=', company_id), ('employee_id', '=', id)]",
    help='Current contract of the employee')

You can see the groups parameter which will lead to a restriction of this field to the following groups. Here it is one: hr.group_hr_user which is created with the hr App and also mentioned in Odoo's Access Error: "Employees / Officer".

So you could change the field definition, but i don't advise to do that. I'm not sure why there is no possibility for an Employee to atleast see some of the current contract information of his own contract.