Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Attendances
  3. Door Access Control v 17.0
  4. Sales Conditions FAQ

Door Access Control

by ERP Heritage https://www.erpheritage.com.au/
Odoo
v 17.0 Third Party 44
Download for v 17.0 Deploy on Odoo.sh
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies • Attendances (hr_attendance)
• Discuss (mail)
• Employees (hr)
Community Apps Dependencies Show
• Attendance Suite Base
• EH HR Platform Core
• Face Kiosk Attendance
• EH HR Compatibility
Lines of code 4770
Technical Name eh_hr_attendance_access_control
LicenseLGPL-3
Websitehttps://www.erpheritage.com.au/
Versions 16.0 17.0 18.0 19.0
ERP Heritage · HR Platform
ERP Heritage / Attendance Suite

Door Access Control for Kiosks

Turn a successful kiosk face match into a door unlock, with per-employee zone permissions and an append-only audit row on every attempt.

Free · LGPL-3Odoo 17 CommunityFree / LGPL-3v1.0.0
Face match unlock
Per-employee zones
Webhook readers
Append-only audit
Valid-from / valid-to

Why this module

Door Access Control for Kiosks

Gated by permission

A match is not a free pass

The unlock only fires when the employee holds an active permission for the zone and today falls inside its valid-from and valid-to window. No permission, no unlock, and the denial is still recorded.

Every attempt logged

An audit row whatever happens

Allowed, denied for no permission, reader denied, reader error, no reader, or no zone: each path writes an eh.hr.access.event row with employee, zone, reader, site, device, outcome, reader response, and milliseconds elapsed.

Vendor-neutral

One protocol, any hardware

Odoo POSTs a JSON unlock command to your reader webhook. Relay, Wiegand, MQTT, or proprietary boards sit behind a one-page bridge that exposes an HTTP endpoint, so the Odoo side stays hardware-agnostic.

Day in the life

From face match to open door

An employee steps up to the lobby kiosk and the face match succeeds. The kiosk JS fires the access trigger in the background while the usual success screen shows. The endpoint authenticates the device by its kiosk token, resolves the zone for that site, checks the employee holds a valid permission, then POSTs an unlock command to the zone reader's webhook. The bridge opens the door and auto-relocks after the configured seconds. An audit row lands on the Access events list with the outcome and round-trip time. If the employee has no permission, the door stays shut and the denial is logged for the manager to review.

Edge cases

The cases most modules quietly ignore.

In the shipped code today, each one a place where a cheaper module silently does the wrong thing.

Self-service-proof

The unlock is fire-and-forget from the kiosk: door hardware delays never slow the visible match flow, and the server writes the audit row regardless of whether the browser request completes.

Device auth

The trigger endpoint is public but requires a valid X-EH-Kiosk-Token mapped to an active terminal. No token returns 401, an unknown employee returns 404, and an employee from another company than the device is rejected.

Rate limited

The endpoint is throttled per kiosk token or client IP through the shared rate-limit model, returning 429 when over budget so a stuck or hostile kiosk cannot hammer the readers.

Time-boxed access

Permissions carry optional valid-from and valid-to dates evaluated in the request's local timezone, so a contractor badge expires on its own without anyone disabling the row.

Append-only audit

No group has write access to access events, and even admins can only read, create, and delete. The audit trail cannot be edited after the fact through the application layer.

Multi-company scoping

Zones, readers, permissions, and events all carry company_id with global record rules, and the endpoint matches zones only within the device's own company.

Cron isolation

The daily retention sweep deletes stale events in a bounded batch per company against each company's own retention horizon and reports progress through ir.cron._commit_progress so the framework can reschedule the remainder.

Reader fault handling

A 2xx is recorded allowed, a 4xx reader_denied, and a 5xx or network failure reader_error with the truncated response text and elapsed milliseconds captured on both the event and the reader's last-status fields.

What is inside

Built to do the job, end to end.

  • Zones and readers. eh.hr.access.zone names a controlled space with a URL-safe code, the kiosk sites that grant access to it, and its readers. eh.hr.access.reader holds the webhook URL, an optional bearer token visible only to admins, the HTTP timeout, and the auto-relock seconds sent to the bridge. A test-unlock button on the reader form helps commission the bridge.
  • Permissions and audit. eh.hr.access.permission links an employee to a zone with optional validity dates and a unique row per employee and zone. eh.hr.access.event is the append-only outcome log with a colour-coded list, today-by-default filter, and group-by outcome, zone, employee, or day. Door access permissions also appear inline on the employee form.
  • Endpoint, JS hook, and cron. The /eh_hr/kiosk/access/trigger controller resolves device, zone, permission, and reader then records the event. A small JS hook wraps the kiosk match call and fires the trigger only when the match returns success. A daily cron sweeps events past each company's retention horizon, defaulting to 365 days.

Honest about the edges

What this does not do, so nothing surprises you.

  • Ships a single reader protocol, HTTP webhook. Relay, Wiegand, MQTT, or proprietary boards need a small bridge service that exposes an HTTP endpoint; that bridge is not included.
  • One zone per kiosk site is resolved per unlock: when several zones share a site the first active match wins. Multi-zone-per-site routing is not yet supported.
  • The unlock is a side effect of the match, not a gate on it. The kiosk shows its success screen regardless of whether the door actually opens.
  • Auto-relock is sent to the bridge as a parameter; the relock itself is performed by your hardware, not enforced by Odoo.
  • The reader webhook call is synchronous inside the trigger request and depends on the configured HTTP timeout, default four seconds.
  • Requires the ERP Heritage attendance base and face kiosk modules; it extends that kiosk rather than providing standalone biometric matching.
Search

Odoo 17 access control, door access control Odoo, biometric door unlock, face recognition door access, attendance access control, hr attendance door integration, kiosk door unlock, webhook door reader, Wiegand relay bridge Odoo, per employee zone permission, access event audit log, physical access control Odoo Community, ERP Heritage attendance suite, multi-company door access

Work with ERP Heritage

Need this fitted to the way you work?

ERP Heritage delivers end to end Odoo work: Odoo Implementation, Customization and Development, Integration, Migration, Consultation, Support and Training. We help teams put this module into production, shape it to their process, and keep it running.

Build and tailor
Odoo Implementation, Customization and Development, scoped to your workflow.
Connect and move
Odoo Integration and Migration across systems and Odoo versions.
Run and support
Odoo Support and Training so your team stays productive after go live.
Plan and advise
Odoo Consultation and ERP Consulting, from discovery to roadmap.

We work with businesses across Australia (Melbourne, Sydney, Brisbane, Perth, Adelaide, Canberra) and the Middle East (Dubai, Abu Dhabi, Riyadh, Jeddah, Doha, Kuwait City, Muscat). Start a conversation at erpheritage.com.au or email info@erpheritage.com.au.

ERP Heritage

Production-grade Odoo HR, built to an engineering bar and documented honestly. Support: info@erpheritage.com.au
Developed by ERP Heritage - Top Odoo Partner

v1.0.0 · LGPL-3 · Odoo 17 Community

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with