You can do it with code:
1. auth.add_permission(group_id, 'name', 'object', record_id)
gives permission "name" (user defined) on the object "object" (also user
defined) to members of the group group_id. If "object" is a tablename then
the permission can refer to the entire table by setting record_id to a value
of zero, or the permission can refer to a specific record by specifying a
record_id value greater than zero. When giving permissions on tables, it is
common to use a permission name in the set ('create', 'read', 'update',
'delete', 'select') since these permissions are understood and can be
enforced by CRUD.
Or in appadmin:
http://127.0.0.1:8000/appadmin/insert/db/auth_permission
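
The record_id rule described above, as an added example that is not part of the original post and is not web2py's own code: a small sqlite3 model of the auth_membership and auth_permission tables. The function bodies, the sample users and groups, and the lookup rule (a grant with record_id 0 also satisfies a check for a specific record) are assumptions made for illustration; table_wide_grants is a hypothetical helper for reviewing which groups hold whole-table permissions.

```python
import sqlite3

def make_db():
    # Constructed stand-ins for the auth_membership and auth_permission tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER);
        CREATE TABLE auth_permission (group_id INTEGER, name TEXT,
                                      table_name TEXT, record_id INTEGER,
            UNIQUE (group_id, name, table_name, record_id));
    """)
    return db

def add_permission(db, group_id, name, table_name, record_id=0):
    # Same argument order as the call in the post; repeated grants are ignored.
    db.execute("INSERT OR IGNORE INTO auth_permission VALUES (?, ?, ?, ?)",
               (group_id, name, table_name, record_id))

def has_permission(db, user_id, name, table_name, record_id=0):
    # Assumed rule: a grant matches the exact record or, with record_id 0,
    # the whole table. Asking with record_id 0 matches table-wide grants only.
    row = db.execute(
        """SELECT 1 FROM auth_permission p
           JOIN auth_membership m ON m.group_id = p.group_id
           WHERE m.user_id = ? AND p.name = ? AND p.table_name = ?
             AND p.record_id IN (?, 0) LIMIT 1""",
        (user_id, name, table_name, record_id)).fetchone()
    return row is not None

def table_wide_grants(db):
    # Review aid: every grant that covers an entire table.
    return db.execute(
        """SELECT group_id, name, table_name FROM auth_permission
           WHERE record_id = 0 ORDER BY group_id, name""").fetchall()

def demo():
    db = make_db()
    # Constructed data: user 1 is in group 10, user 2 is in group 20.
    db.executemany("INSERT INTO auth_membership VALUES (?, ?)",
                   [(1, 10), (2, 20)])
    add_permission(db, 10, "update", "document", 0)  # entire table
    add_permission(db, 20, "read", "document", 7)    # record 7 only
    return db

if __name__ == "__main__":
    db = demo()
    print(has_permission(db, 1, "update", "document", 7))  # table-wide grant
    print(has_permission(db, 2, "read", "document", 8))    # other record
    print(table_wide_grants(db))
```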