d99835e
The group public is defined in base so no need to add security rule in website_payment module (same as for portal)
Do not allow everybody to access account.transactions. Restrict by default to readonly and even restrict the access with a record rule, give access to salesman.