Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Security
  3. VH Database Sentinel v 17.0
  4. Sales Conditions FAQ

VH Database Sentinel

by Uv Iah https://apps.odoo.com/apps/modules/browse?author=Uv+Iah
Odoo

$ 89.00

v 17.0 Third Party
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 14.0 15.0 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 1049
Technical Name vh_db_sentinel
LicenseOPL-1
Websitehttps://apps.odoo.com/apps/modules/browse?author=Uv+Iah
Versions 14.0 15.0 16.0 17.0 18.0 19.0
  • Description
  • Manifest
  • Documentation
  • License

VH Database Sentinel

Catch database access that skips Odoo — and writes that skip the ORM.

Odoo 17 · Community · OPL-1

What it does

DB Sentinel was built for one telltale symptom: @api.constrains not firing on records that appear out of nowhere — a sign that something is writing straight into PostgreSQL, or running cr.execute in custom code, instead of going through the Odoo ORM. It watches live connections, installs PostgreSQL audit triggers on the tables you choose, scans server actions and addon source for raw SQL, and logs every API key authentication. Everything it finds becomes a de-duplicated, optionally e-mailed alert.

Detection, not prevention. This tool tells you unauthorized access happened; stopping it is a job for pg_hba.conf, a firewall and credential rotation.

Requirements

Python libraries

None beyond Odoo core.

System

PostgreSQL 12+ (uses PL/pgSQL triggers, to_jsonb, EXECUTE FUNCTION).

Odoo depends

base, mail

Four detection layers

1 · Connection monitor

Every 5 minutes, reads pg_stat_activity and flags foreign DB users, unexpected application_name, and non-whitelisted client IPs.

2 · Audit triggers

Per-table PostgreSQL triggers catch INSERT/UPDATE/DELETE that bypass the ORM: foreign client, missing create_uid, untouched write_date.

3 · Raw-SQL scanner

Finds server actions and non-core addon source that use cr.execute / env.cr / _cr..

4 · API key monitor

Logs every API key authentication (user, key, scope, IP, time) and flags keys with no scope or no expiration.

How to use

  1. Install the module — a DB Sentinel menu appears for the DB Sentinel Manager group.
  2. Open Settings and set an Alert Email (and IP whitelist, if any).
  3. Go to Watched Tables, add a table, and click Install Trigger. Start with sensitive, low-write tables.
  4. Watch Alerts. The scheduled jobs run on their own; use the Run a scan now buttons for an immediate check.
Reason Means
foreign_client Write came from a non-Odoo application_name
missing_create_uid INSERT left create_uid NULL (ORM always sets it)
write_date_not_touched UPDATE did not bump write_date (opt-in check)

📚 Detailed guides included in the module

The module ships with two step-by-step documents under its doc/ folder, so you can configure everything without guesswork:

  • Configuration guide (doc/CONFIGURATION_GUIDE.md) — plain-language, goal-by-goal setup ("I want to detect direct edits to payroll", "I want email alerts", …), every settings field explained, a suggested tables-to-watch list, and an FAQ.
  • Behaviour reference (doc/BEHAVIOR_REFERENCE.md) — exactly which cases are logged, what is written and where, with decision tables and concrete examples per layer, plus a "does this action create a log?" cheat sheet.

Screenshots

Alerts — every detection funnels here, colour-coded by severity.

Alerts list

Alert detail — status flow (New → Acknowledged → Closed), full context and a chatter log.

Alert form

Watched Tables — one click installs a PostgreSQL audit trigger on the table.

Watched tables

Raw Events — forensic detail of each non-ORM write: app name, client IP, DB user, backend PID.

Raw events

API Key Usage — who used which API key, from where, and when (Layer 4).

API key usage

Settings — IP whitelist, alert email, severity threshold, API key logging, and one-click manual scans.

Settings

Need help?

Questions, bug reports or feature requests — email us and we'll reply within one business day. Every purchase includes support.

Support: vuhaiqn90@gmail.com

Please include your Odoo version and, where relevant, the alert detail or the table you are watching so we can help faster.

License OPL-1 · © Nguyễn Vũ Hải (Uviah)
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 1049
Technical Name vh_db_sentinel
LicenseOPL-1
Websitehttps://apps.odoo.com/apps/modules/browse?author=Uv+Iah

DB Sentinel — Database intrusion & integrity detection

Overview

DB Sentinel is a detection tool for Odoo that surfaces database access which did not go through the Odoo server, and writes that bypassed the ORM — the classic cause of @api.constrains not firing on records that "appear" out of nowhere. Everything it finds becomes a de-duplicated, optionally e-mailed alert.

It is a detection aid, not a prevention boundary: real prevention lives in pg_hba.conf, a firewall and credential rotation. DB Sentinel tells you that unauthorized access happened.

Four detection layers:

  • Connection monitor — reads pg_stat_activity every 5 minutes and flags foreign DB users, an unexpected application_name and non-whitelisted client IPs.
  • PostgreSQL audit triggers — per-table AFTER INSERT/UPDATE/DELETE triggers catch writes that bypass the ORM (foreign client, missing create_uid, untouched write_date). A watchdog re-installs any audit trigger someone drops and raises a critical alert.
  • Raw-SQL scanner — finds server actions and non-core addon source files that use cr.execute / env.cr / self._cr.
  • API-key monitor — logs every API key authentication (user, key, scope, IP, time) and flags keys with full scope or no expiration.

Installation

  1. Copy vh_db_sentinel into your Odoo addons path. It depends only on base and mail — no external Python packages.
  2. Update the apps list and install VH DB Sentinel, then restart Odoo.
  3. Requires PostgreSQL 12+ (uses PL/pgSQL triggers, to_jsonb and EXECUTE FUNCTION). Compatible with On-Premise and Odoo.sh.

Configuration

  1. A top menu DB Sentinel appears for members of the DB Sentinel Manager group (which implies full system settings access).
  2. Open DB Sentinel → Settings: set an Alert Email, an optional IP Whitelist, the Email Minimum Severity and whether to Log API Key Usage.
  3. Go to Watched Tables, add a PostgreSQL table (e.g. project_task, hr_employee) and click Install Trigger. Start with a few sensitive, low-write tables rather than high-traffic ones.

Usage

The scheduled jobs run on their own; use the Run a scan now buttons in Settings for an immediate check. All findings funnel into DB Sentinel → Alerts (a mail.thread model with New → Acknowledged → Closed and a chatter log). Raw trigger events are visible under Raw Events and API key activity under API Key Usage.

Alerts are throttled by a dedup key (one alert per condition per 6 hours). If an Alert Email is configured and the severity is high enough, an email is sent (best-effort; SMTP errors are logged, never fatal).

Limitations

  • Detection, not prevention — it reports, it does not block.
  • An attacker with DB credentials can drop the trigger; the audit trail is only as trustworthy as the DB account controls around it.
  • application_name is client-controlled and can be spoofed, so a matching name is a hint, not proof.
  • write_date_not_touched is opt-in per table because core Odoo legitimately updates some columns with raw SQL.

Support

Questions, bug reports and feature requests: vuhaiqn90@gmail.com (please include your Odoo version).

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with