| Availability | Odoo Online, Odoo.sh, On Premise |
| Lines of code | 215 |
| Technical Name | fp_admin_settings_guard |
| License | OPL-1 |
| Website | https://flow.com.bd |
Stops Privilege Escalation
Access Rights users cannot promote themselves or another user to Administration / Settings access.
Server-Side Enforcement
Form saves, RPC/API writes, generated group fields, direct group writes, and implied groups are protected.
No Workflow Impact
Normal user and permission management stays available. Only the protected Settings permission is restricted.
Why This Module Is Needed
A user who can manage normal user permissions should not automatically be able to control the highest Settings-level administration permission. This module adds a clear server-side boundary between normal Access Rights management and sensitive Settings administration.
Access Rights users can still
- Create and edit regular users according to their access level.
- Manage normal group permissions outside the protected Settings group.
- Use existing Odoo user administration screens without custom external tools.
Access Rights users cannot
- Grant themselves Administration / Settings permission.
- Add Settings permission to another user.
- Remove or indirectly modify protected Settings membership through group changes.
Point-by-Point Feature Details
1. User Form Protection
- Generated user permission fields are checked during save.
- Administration / Settings permission is blocked for non-Settings users.
- Unauthorized changes show a clear access warning.
2. Direct Group Write Guard
- Direct res.users.groups_id updates are protected.
- RPC, import, custom code, and form writes pass through the same server rule.
- Protected Settings membership cannot be bypassed from backend writes.
3. Settings Group Membership
- Direct edit of the Administration / Settings group is checked.
- Only Settings-level users can grant or remove Settings access.
- Normal groups remain editable according to the user's rights.
4. Implied Group Protection
- Indirect permission escalation through implied groups is blocked.
- Groups cannot be adjusted to silently imply Settings access.
- The guard works consistently for visible and hidden permission switches.
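The checks described in points 2 to 4, modelled in plain Python as an added example (not the module's code and not the Odoo ORM). The group graph is constructed sample data; `sales.manager` and the function names are hypothetical, while `base.group_system` and `base.group_erp_manager` are the standard Odoo XML IDs for Administration / Settings and Access Rights.

```python
# Added illustration: a plain-Python model, not the module's code.
PROTECTED = "base.group_system"  # Administration / Settings

# Constructed sample graph: group -> groups it directly implies.
IMPLIED = {
    "base.group_system": {"base.group_erp_manager"},
    "base.group_erp_manager": {"base.group_user"},
    "base.group_user": set(),
    "sales.manager": {"base.group_user"},  # hypothetical group
}

def effective(groups, implied=IMPLIED):
    """Expand explicit groups to everything they transitively imply."""
    seen, stack = set(), list(groups)
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(implied.get(g, ()))
    return seen

def guard_user_write(actor_groups, old_groups, new_groups, implied=IMPLIED):
    """Reject a group change on a user that adds or removes the protected
    group, directly or through implication, unless the actor holds it."""
    if PROTECTED in effective(actor_groups, implied):
        return
    before = PROTECTED in effective(old_groups, implied)
    after = PROTECTED in effective(new_groups, implied)
    if before != after:
        raise PermissionError("Only Settings users may change Settings membership")

def guard_implied_write(actor_groups, group, new_implied, implied=IMPLIED):
    """Reject an edit to a group's implied set if it changes which groups
    reach the protected group, including groups that imply the edited one."""
    if PROTECTED in effective(actor_groups, implied):
        return
    candidate = {**implied, group: set(new_implied)}
    for g in candidate:
        reached_before = PROTECTED in effective({g}, implied)
        reached_after = PROTECTED in effective({g}, candidate)
        if reached_before != reached_after:
            raise PermissionError("Groups may not be changed to imply Settings access")
```

Comparing effective membership before and after the write, rather than looking for the protected group in the submitted values, is what covers the indirect paths: a user given a group that implies Settings, or a group edited so that it starts to imply it.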
How It Works
Access Rights User
Can manage normal users and standard permissions.
Sensitive Change
Tries to add, remove, or indirectly modify Administration / Settings access.
Server Guard
The request is blocked and Settings permission remains safe.
Demo Video
Watch the demo video to see how FP Admin Settings Guard protects the Administration / Settings permission from unauthorized Access Rights users.
Safety Notes
- This module protects only the sensitive Administration / Settings permission boundary.
- Authorized Settings users can still manage Settings permission normally.
- Normal user administration workflow remains available for Access Rights users.
- Protection is implemented server-side to reduce bypass risk from RPC, import, or custom writes.
FlowPro Soft
Odoo security, implementation, customization, and business automation support.
Odoo Proprietary License v1.0
This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file).
You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one).
It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software.
The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.