Access Management Dashboard
by Access Management Dashboard Team https://apps.odoo.com/apps/modules/19.0/access_management_dashboard/$ 41.99
Step 1 â Activate the module for each user
Right after installation, the Access Management menu only shows for users who have been granted the module's access group. Do this once per user before anything else:
Open Settings
Go to Settings → Users & Companies → Users.
Pick the user
Select the username you want to give access to and open their profile.
Enable the module
On the Access Rights tab, under the Access Management Dashboard section, tick the checkbox for that user, then save.
Done â menu appears
The Access Management app menu now shows for that user after a page refresh.
Control every Odoo permission from one visual command center.
Access Management centralizes menu visibility, model operations, fields, list-view columns, domains, buttons, chatter, attachments, filters, time-bound access, rule templates, preview simulation, conflict detection, bulk assignment, emergency Break-Glass, compliance review reports, GDPR exports and PDF certificates â all in one professional dashboard.
Granular restrictions across every layer of Odoo
Apply precise visibility and operation controls to menus, models, fields, list columns, domains, buttons, chatter, filters and attachments â individually or all at once.
Menu & Submenu Access
Hide any top-level app or nested submenu from specific users or groups. The menu simply disappears â no error, no redirect.
NavigationModel Access (CRUD)
Hide Create, Edit, Delete, Archive, Duplicate, Import, Export, Reports, Actions and any view type (list, form, kanban, pivot, graph, calendar, gantt, grid) per model.
CRUDField Access
Make fields Invisible, Read-Only or Required per user/group. Hide external links and hide specific fields from list-view columns without touching the view XML.
FieldsDomain Access
Apply record-level Odoo domain filters so users can only see, create, edit or delete records that match a custom domain expression â no Python needed.
Data scopeButton / Tab Access
Hide regular buttons, smart-buttons, notebook tabs, kanban card links and action buttons by name or string. Works across all models without view inheritance.
UI elementsChatter Access
Hide the entire chatter or individual actions: Send Message, Log Note, Schedule Activity, Followers list and Message history â per model or globally.
MessagingFilters & Group By
Hide the entire search panel or selectively remove Filter options, Group By options and Favorites from the search bar of any model.
SearchAttachment Control
Hide the attachment box, disable Upload, Download or Delete operations â globally or per model. Prevent sensitive file exposure without custom code.
DocumentsGlobal Access
Apply a restriction to all models at once with one toggle: Hide Create, Edit, Delete, Duplicate, Export, Archive, Import, Settings and Attachment operations globally.
All modelsApply rules to exactly who needs them
Target policies by individual user, security group, company, or any combination. One rule can cover an entire department or a single contractor account.
Users & Groups
Apply a rule to specific users by direct selection, to every member of an Odoo security group, or to a mix of both. Group membership changes take effect automatically.
Flexible targetingMulti-Company Support
Scope each rule to one or several companies, or leave the company field empty to apply it across all companies. Works correctly with Odoo's allowed-companies switch.
Multi-tenantRead-Only User
One toggle makes a user unable to create, edit or delete anything across all Odoo models â ideal for auditors, board members or external reviewers who should only read.
One clickDisable Developer Mode
Automatically remove the debug parameter from the URL for selected users, preventing them from activating developer mode and bypassing the access rules.
SecurityTime-Bound / Expiring Access
Set a Valid From and Expires On date on every rule. The daily cron automatically archives expired rules in batches and triggers a weekly email report to admins.
Temporary accessRule Priority / Sequence
A Sequence field on every rule controls evaluation order. Lower numbers apply first â you can build layered policies where a general group rule is overridden by a specific user rule.
PredictableBuild, test and maintain policies faster
Presets, conflict detection, simulation, bulk operations and JSON import/export cut configuration time from hours to minutes.
Rule Templates / Presets
Four ready profiles: Contractor, External Auditor, Sales Read-Only and HR Restricted. Choose a template, select users/groups and generate a complete rule in seconds.
Faster setupPreview as User
Select any user and model to preview effective rules, global restrictions, model/field results and the rendered view architecture â before making changes live.
Prevent mistakesBefore / After Impact Simulation
Every rule form now shows the real-world impact of your pending edits before you click Save: how many users are affected, which models are touched, and a Before/After table of exactly which permissions flip â global flags, model CRUD, and field-level restrictions â compared to what is currently live for those same users.
Predict the blast radiusApproval Workflow
An optional setting (Settings > General Settings) that keeps every rule in Draft until it is submitted and then Approved by a member of the "Access Rule Approver" group â who can never be the same person who submitted it. Rejections require a written reason the submitter can see, and editing an already-Approved rule's permissions automatically drops it back to Draft so the change is re-approved before it takes effect. Off by default: nothing changes for existing installs until an admin turns it on.
Nobody approves their own requestRule Conflict Detection
An overlap detector checks active rules for the same users, companies, fields, models and domains. Conflicts appear as a clear inline warning inside the rule form.
Safer rulesBulk Assign Wizard
Add, replace or remove users/groups/companies across multiple rules in one wizard. Every bulk operation is recorded in the audit trail with full context.
Admin efficiencyImport / Export Rules (JSON)
Move access policies between databases using a structured JSON wizard that serializes all rule lines, targeting and settings â perfect for staging-to-production migrations.
MigrationEmergency Break-Glass Override
For urgent incidents an authenticated temporary override bypasses all restrictions for a selected user until expiry or manual revocation â fully logged and auditable.
Audited accessOne visual screen for the full access picture
The Access Matrix Dashboard turns complex permission configurations into clear operational intelligence â with export, heat-maps and drill-down built in.
Access Matrix Dashboard
Real-time view of effective rules by user, group, company and model. Shows active rule count, covered users, rule conflicts and recent audit events on one screen.
Live overviewRestriction Heat-Map
A Model à User heat-map shows restriction density with colour intensity. Darker cells indicate more or stricter overlapping rules â spot over-restricted accounts at a glance.
VisualCSV / Excel / PDF Export
Export the full access matrix in three formats. The PDF export respects the user's locale direction (LTR / RTL) and includes all active filters applied on the dashboard.
ReportingFavorite Filters
Save and reload named filter presets on the matrix dashboard. Each favorite is stored per user and can be managed, deleted or applied in one click.
ProductivityActive / Expired Drill-Down
Click the Active Rules or Expired Rules stat card to open a filtered list view of exactly those records â jump from the dashboard straight to the relevant rules in one click.
NavigationOdoo Dashboard Widget
An Access Rules Overview widget on the default Odoo home Dashboard (board.board) shows key stats â active rules, conflicts and expiring policies â without opening the module.
Home screenThe Access Matrix Dashboard at a glance
A real screenshot of the live dashboard running inside Odoo 16 â hero header, KPI cards, compliance score, filter & export bar, effective-rules matrix and audit stream, all on one screen.
Every remaining control, in plain sight
Additional operational features shipped inside the module â from list-view column hiding to session cache invalidation and RTL-aware PDF exports.
List-View Column Hiding
Remove specific list columns per user or group without touching view XML or inheritance â great for hiding cost, margin or salary columns from restricted profiles.
Hide External Links
Prevent Many2one records from being opened via the external-link icon in form views â keeps users on their assigned screens without drilling into sensitive linked records.
Kanban Card & Smart-Button Locks
Disable clickable kanban card links and smart-buttons so users cannot navigate to related counters (Meetings, Quotations, Activities) they should not access.
Auto Cache Invalidation
The per-session rule cache is invalidated automatically on any create / write / unlink of a rule line, so restrictions apply instantly to every online user.
Batched Cron Auto-Archival
A nightly cron scans expired rules in batches, archives them and writes a summary line into the audit log â no manual clean-up, and no long-running transactions.
read_group Statistics
Dashboard counters use aggregated read_group queries instead of fetching every rule row, keeping the KPI cards responsive on very large deployments.
Key Database Indexes
Rule-line models declare indexes on user, group, model and company columns, so per-request rule lookup remains fast even with tens of thousands of rules.
RTL-Aware PDF Exports
Matrix, Certificate, Review and GDPR PDFs auto-flip to right-to-left when the acting user's locale is Arabic â headers, tables and signature blocks all mirror correctly.
CHANGELOG & Semver
The bundled CHANGELOG.md follows Keep a Changelog with strict semantic versioning, so upgrades and rollbacks are predictable and diff-friendly.
Every change recorded and tamper-evident
SHA-256 hash chain, pivot analytics and automatic weekly reports keep administrators informed and provide the evidence trail required for internal and external audits.
Enhanced Audit Log
Every create, update, delete, import, export and automatic-expiry event is recorded with the acting user, target users/groups, affected companies and a detailed change summary.
TraceabilitySHA-256 Hash Chain
Each audit log row is signed with a SHA-256 hash of its content and the previous row's hash. Any tampered row breaks the chain â the signature status column flags it immediately.
IntegrityWeekly Expired-Rules Report
A scheduled cron emails admin users every week with a list of rules that have expired or were automatically archived, so no temporary access is silently left active.
MonitoringAudit-ready evidence for ISO 27001, SOX & GDPR
Three purpose-built compliance tools â a signed periodic review, a GDPR data-subject access report and a formal PDF certificate per rule â so auditors get structured evidence without custom development.
Access Review Report
A monthly cron automatically creates a draft review record. The admin opens it, checks the active-rules snapshot, adds findings, selects a compliance standard (ISO 27001 / SOX / GDPR) and clicks Confirm & Sign to produce a timestamped PDF with a full rules table and signature block â ready for an external auditor.
- ✓Monthly cron creates draft automatically
- ✓Active-rules snapshot locked on sign
- ✓PDF with reviewer name, date & signature line
GDPR Data Subject Access Report
Answers "Who can access records about Person X?" â select a partner or user account, choose the scope (common personal-data models or all models), preview the access table in the wizard and export a formal PDF for your DSR / SAR response file.
- ✓Covers res.partner, res.users, hr.employee & more
- ✓Live HTML preview inside the wizard
- ✓PDF with legal footer for DSR response records
PDF Certificate per Rule
Click Print Certificate on any rule form to generate a one-page formal certificate showing the rule name, users, groups, companies, scope summary (menus / models / fields / buttons / domains), validity dates and Approver. Includes a signature block for physical sign-off.
- ✓Approver + Approval Date fields on every rule
- ✓Full scope summary in one printed page
- ✓Signature block for physical or scanned approval
Never lose track of who changed what
Every access rule keeps its own change history, so a risky edit is never a one-way street.
Rule Versioning & Rollback
A full history of every access rule, right on the rule form. Nothing is ever overwritten silently, and any prior state is one click away.
1. Save a version on every edit
Creating or updating a rule automatically stores a complete snapshot â its fields plus every field/model/menu/domain/button/chatter/filter/attachment access line â as a new numbered version.
2. Roll back to any earlier version
Open the Versions smart button, pick any past version, and click Rollback to This Version to restore the rule exactly as it was â the rollback itself becomes a new version, so the trail is never broken.
One readable timeline, not a raw log table
Pick a user or a rule and get the whole story in plain language, merged from three different sources into one chronological view.
Access Change Timeline
Filter by a single user or a single rule and every event lines up in one table, newest first â no more cross-referencing the audit log, version history and review records by hand.
When was it added?
Exact date the access was first granted.
Who changed it?
The exact user behind every version and audit entry.
What changed?
Plain-language summaries instead of raw field diffs.
Reviewed or exported?
A clear Yes/No badge pulled from exports and signed Access Reviews.
Production-grade internals and tooling
Cache-first rule evaluation, automated tests, pre-commit hooks, schema migrations and six languages mean the module ships and stays clean in production.
Cache-First Rule Evaluation
Rules are fetched once per session from a server-side cache. Key database indexes, batched cron auto-archival and read_group-based statistics keep the module fast under load.
Performance6 Languages & RTL Support
Ships with English, Arabic (AR â full RTL layout polish), German, Spanish, French and Simplified Chinese. A Language Switcher wizard lets any user change locale without leaving the module.
i18nAutomated Test Suite
Four TransactionCase test files covering CRUD, rule expiry & cron batching, cache invalidation and JSON import/export round-trips. Runs with the standard Odoo test runner.
QualityPre-Commit & Linting
Black formatter, Ruff linter and pylint-odoo are wired in via .pre-commit-config.yaml. PEP 484 type hints are present throughout the newer modules.
Schema Migrations
Upgrade scripts in the migrations/ folder handle structural changes (new columns, indexes) automatically when upgrading between module versions.
PDF Documentation
A User Guide and a Developer Guide are bundled in the doc/ folder. The CHANGELOG follows Keep a Changelog format with full semantic-version history.
Five new enterprise-grade capabilities
Delegation, smart notifications, onboarding templates, time-based access windows and a real-time compliance score â all wired together in the same dashboard.
Access Delegation
One click to hand your permissions to a colleague while on leave. Set a start and end date, pick the rules, click Activate â the module grants access and logs every step in the Audit Trail.
- âAuto-expires at the configured date â no manual cleanup needed
- âChatter note on every rule showing who delegated and until when
- âFully reversible: Cancel at any time to instantly revoke proxy access
Notification System
Automated email alerts keep security officers informed without manual checks. Four event-driven templates fire at the right moment and deliver formatted, branded emails.
- âRule expiring in 7 days â warning email to all assigned users
- âEmergency Override activated â instant alert to approver
- âAccess Request rejected â email with reason to requester
- âNew SoD conflict detected â alert to rule creator
Onboarding / Offboarding Templates
Bundle all required access rules for a job role into a named template (Accountant, Sales Rep, Purchasing Officer â¦). Apply the full set to one or many users with a single wizard click.
- âSeparate Onboarding (Grant) and Offboarding (Revoke) template types
- âOrganised by job title and department for quick lookup
- âBatch apply to multiple users in one action â no repetitive setup
Time-Window Access
Restrict any access rule to specific days of the week and hours of the day. A cron runs every 30 minutes, activates rules when the window opens and deactivates them automatically when it closes.
- âPer-rule day selection (MonâSun) and From/To hours
- âPer-rule timezone â works correctly across multi-country deployments
- âChatter note logged every time a rule is blocked or restored
Webhook / SIEM Integration
Every security event â rule changes, emergency overrides, SoD violations, approval decisions â is pushed in real-time to any HTTP/HTTPS endpoint via signed JSON webhooks, enabling native integration with Splunk, Microsoft Sentinel, Elastic SIEM, Jira, or any custom receiver.
- âHMAC-SHA256 request signing â receivers can verify every payload
- âPer-webhook event filtering â subscribe only to the events you need
- âBuilt-in test ping, per-endpoint delivery stats (sent / errors / last status)
- â13 event types: rule_created, rule_approved, emergency_activate, sod_violation, conflict_detectedâ¦
Multi-Level Approval Chain
Replace the single-approver maker-checker with a configurable chain: Line Manager â Security Officer â CFO. Each level is signed digitally with a SHA-256 hash. The rule only activates once every step in the chain is complete.
- âReusable chain templates â attach one chain to many rules
- âRequire ANY or ALL approvers per step â flexible quorum rules
- âSHA-256 digital signature per approval, tamper-evident chain of custody
- âMaker-checker at every step â a submitter can never approve their own rule
Cross-Company Comparison Report
In Multi-Company deployments, the same job role (Accountant, Sales Repâ¦) may silently accumulate different permissions across companies. This report compares rules, restricted models, hidden menus and field-level restrictions side-by-side and highlights every discrepancy with a red flag.
- âSelect any subset of companies and a job position keyword to scope the comparison
- âSide-by-side matrix: â / â per company for every rule, model, menu and field
- âDiscrepancy counter with colour-coded summary â zero-config to run
Role Mining (AI-Assisted Role Suggestions)
Scans every active user's effective rules and automatically clusters users with similar permissions using Jaccard similarity. Each cluster is a "suggested role" you can collapse into a single Odoo security group â dramatically reducing rule sprawl in large orgs.
- âConfigurable similarity threshold and minimum cluster size
- âShows common access rules, shared model/menu/field restrictions per cluster
- âActionable guidance: suggested group name + which rules to consolidate
Compliance Score Dashboard
A single percentage at the top of the dashboard tells the CISO the security posture at a glance. The score combines three weighted risk factors: expired rules, unresolved SoD conflicts and time-blocked rules. A colour-coded grade (AâF) turns a raw number into an immediate action signal.
From policy design to audit-ready control
Select targets
Choose a ready preset or create a rule, then select users, groups and companies.
Set restrictions
Configure sequence, menus, models, fields, list columns, chatter, filters and attachments.
Preview & approve
Check conflicts, preview the final user experience, set an Approver and print the PDF Certificate.
Monitor & certify
Sign monthly Access Reviews, respond to GDPR DSRs and monitor the audit log dashboard.
All features included in one professional module
One-time license for the purchased database. No monthly fee.
- ✓ Access Matrix Dashboard
- ✓ Import / Export
- ✓ Expiring Access
- ✓ Attachment Control
- ✓ 6 Languages + RTL
- ✓ Rule Presets
- ✓ Preview & Conflict Detection
- ✓ Emergency Break-Glass
- ✓ Access Review Report
- ✓ GDPR DSR Export
- ✓ PDF Certificate per Rule
- ✓ Rule Versioning & Rollback
- ✓ Access Change Timeline
- ✓ Access Delegation (temp. proxy)
- ✓ Smart Email Notifications
- ✓ Onboarding / Offboarding Templates
- ✓ Time-Window Access
- ✓ Compliance Score Dashboard
- ✓ Webhook / SIEM Integration (Splunk, Sentinel, Elasticâ¦)
- ✓ Multi-Level Approval Chain (digital signatures)
- ✓ Cross-Company Comparison Report
- ✓ Role Mining (AI-assisted role suggestions)
WAIKO — Web & App Developer
Production-focused Odoo module development with attention to practical administration workflows, clean configuration screens and long-term maintainability.
Menus & Models • Fields & List Columns • Domain Access • Button & Chatter Rules • Attachment Control • Rule Presets • Preview as User • Conflict Detection • Bulk Assign • Emergency Break-Glass • Enhanced Audit Log • SHA-256 Hash Chain • Access Review (ISO 27001 / SOX) • GDPR DSR Export • PDF Certificate • User Access Inspector • Rule Versioning & Rollback • Access Change Timeline • Access Delegation • Smart Notifications • Onboarding Templates • Time-Window Access • Compliance Score • Webhook / SIEM Integration • Multi-Level Approval Chain • Cross-Company Comparison • Role Mining • 6 Languages + RTL
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Employees (hr) |
| Lines of code | 10790 |
| Technical Name |
access_management_dashboard |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/16.0/access_management_dashboard/ |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module