I want to make field readony based on group, and status.

Like i have two grops 1. Manager Group 2. User Group

If I give User Group to any user then and Status Done then field will be readonly for this user.

Hope I able to make it clear to understand

Thank

Create a functional field of type boolean. If the logged in user is under user group and state is done, then return true. Then in the view, specify attrs="{'readonly':[('boolean_field_name','=',True)]}"

OR

First create your form view. Then inherit the view also specify the groups. for example in sale order form view, i want to make the customer reference field readonly for group user when state is not in draft or sent.

<record id="view_order_form_cust_ref_readonly" model="ir.ui.view">
    <field name="name">sale.order.form.readonly.cust</field>
    <field name="model">sale.order</field>
    <field name="inherit_id" ref="sale.view_order_form"/>
    <field name="groups_id" eval="[(6, 0, [ref('base.group_user') ])]"/>
    <field name="arch" type="xml">
        <field name='client_order_ref'" position="attributes">
            <attribute name="attrs">{'readonly':[('state','not in',['draft','sent'])]}</attribute>
        </field>
    </field>
</record>

you can apply access rule on field level in OpenERP, like in py

'name': fields.char('Name', size=128, required=True, select=True,
 read=['base.group_user'] ),

And for status in xml:

<field name="name " attrs="{'readonly': [('state','=','done')]}"/>

There is another sweet way to achieve this. Create one functional field and in that check for group assigned to that user and do not store that field. In View use that field in attrs.

Let say in product you don't want to allow any user to modify Internal Reference if user does not belongs to Product Modify group.

Create one group.

<data noupdate="1" >
    <record model="res.groups" id="group_product_modify">
        <field name="name">Product Modify</field>
        <field name="users" eval="[(4, ref('base.user_root'))]"/> 
    </record>
</data>     

Python file

class product_template(models.Model):
    _inherit="product.template"

    @api.one
    def set_access_for_product(self):
        self.able_to_modify_product = self.env['res.users'].has_group('product_extended_ecom_ept.group_product_modify')

    able_to_modify_product = fields.Boolean(compute=set_access_for_product, string='Is user able to modify product?')

XMl file should be looking like,

<record model="ir.ui.view" id="product_template_update_internal_code_ept">
            <field name="name">Product Template extension</field>
            <field name="inherit_id" ref="product.product_template_only_form_view"/>
            <field name="model">product.template</field>
            <field name="priority" eval="50" />
            <field name="arch" type="xml">
                <field name="default_code" position="before">
                    <field name="able_to_modify_product" invisible="1" />
                </field>
                <field name="default_code" position="attributes">
                    <attribute name="attrs">{'readonly' : [('able_to_modify_product','=',False)]}</attribute>
                </field>
            </field>
        </record>   

In case if you are using Odoo web client(GUI) instead of code then there is a bit unorthodox way to do it. Just make a copy of the field which will contain same value as the original one(giving original field name in Related Field under Advanced Properties) and mark it as read-only.

Then you can hide original field from the users which cannot edit that field and hide the copy field from those who can edit by using groups attribute.

This kind of feature not supported in openerp.

Why you not go for tryton, it is fork of openerp.

If you want to do this, you can use one tric, make two form view of same object, show one to manager user and another to user group user, and make field readonly

Thanks