VH Database Sentinel
Catch database access that skips Odoo — and writes that skip the ORM.
Odoo 17 · Community · OPL-1
What it does
DB Sentinel was built for one telltale symptom: @api.constrains
not firing on records that appear out of nowhere — a sign that something is
writing straight into PostgreSQL, or running cr.execute in custom
code, instead of going through the Odoo ORM. It watches live connections,
installs PostgreSQL audit triggers on the tables you choose, scans server
actions and addon source for raw SQL, and logs every API key authentication.
Everything it finds becomes a de-duplicated, optionally e-mailed alert.
Detection, not prevention. This tool tells you unauthorized access
happened; stopping it is a job for pg_hba.conf, a firewall and
credential rotation.
Requirements
Python libraries
None beyond Odoo core.
System
PostgreSQL 12+ (uses PL/pgSQL triggers,
to_jsonb, EXECUTE FUNCTION).
Odoo depends
base, mail
Four detection layers
1 · Connection monitor
Every 5 minutes, reads
pg_stat_activity and flags foreign DB users, unexpected
application_name, and non-whitelisted client IPs.
2 · Audit triggers
Per-table PostgreSQL triggers catch
INSERT/UPDATE/DELETE that bypass the ORM: foreign client, missing
create_uid, untouched write_date.
3 · Raw-SQL scanner
Finds server actions and non-core addon
source that use cr.execute / env.cr /
_cr..
4 · API key monitor
Logs every API key authentication (user, key, scope, IP, time) and flags keys with no scope or no expiration.
How to use
- Install the module — a DB Sentinel menu appears for the DB Sentinel Manager group.
- Open Settings and set an Alert Email (and IP whitelist, if any).
- Go to Watched Tables, add a table, and click Install Trigger. Start with sensitive, low-write tables.
- Watch Alerts. The scheduled jobs run on their own; use the Run a scan now buttons for an immediate check.
| Reason | Means |
|---|---|
foreign_client |
Write came from a non-Odoo application_name |
missing_create_uid |
INSERT left create_uid NULL (ORM always sets it) |
write_date_not_touched |
UPDATE did not bump write_date (opt-in check) |
📚 Detailed guides included in the module
The module ships with two step-by-step
documents under its doc/ folder, so you can configure everything
without guesswork:
- Configuration guide (
doc/CONFIGURATION_GUIDE.md) — plain-language, goal-by-goal setup ("I want to detect direct edits to payroll", "I want email alerts", …), every settings field explained, a suggested tables-to-watch list, and an FAQ. - Behaviour reference (
doc/BEHAVIOR_REFERENCE.md) — exactly which cases are logged, what is written and where, with decision tables and concrete examples per layer, plus a "does this action create a log?" cheat sheet.
Screenshots
Alerts — every detection funnels here, colour-coded by severity.
Alert detail — status flow (New → Acknowledged → Closed), full context and a chatter log.
Watched Tables — one click installs a PostgreSQL audit trigger on the table.
Raw Events — forensic detail of each non-ORM write: app name, client IP, DB user, backend PID.
API Key Usage — who used which API key, from where, and when (Layer 4).
Settings — IP whitelist, alert email, severity threshold, API key logging, and one-click manual scans.
Need help?
Questions, bug reports or feature requests — email us and we'll reply within one business day. Every purchase includes support.
Support: vuhaiqn90@gmail.com
Please include your Odoo version and, where relevant, the alert detail or the table you are watching so we can help faster.
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 1049 |
| Technical Name |
vh_db_sentinel |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Uv+Iah |
DB Sentinel — Database intrusion & integrity detection
Overview
DB Sentinel is a detection tool for Odoo that surfaces database access which did not go through the Odoo server, and writes that bypassed the ORM — the classic cause of @api.constrains not firing on records that "appear" out of nowhere. Everything it finds becomes a de-duplicated, optionally e-mailed alert.
It is a detection aid, not a prevention boundary: real prevention lives in pg_hba.conf, a firewall and credential rotation. DB Sentinel tells you that unauthorized access happened.
Four detection layers:
- Connection monitor — reads pg_stat_activity every 5 minutes and flags foreign DB users, an unexpected application_name and non-whitelisted client IPs.
- PostgreSQL audit triggers — per-table AFTER INSERT/UPDATE/DELETE triggers catch writes that bypass the ORM (foreign client, missing create_uid, untouched write_date). A watchdog re-installs any audit trigger someone drops and raises a critical alert.
- Raw-SQL scanner — finds server actions and non-core addon source files that use cr.execute / env.cr / self._cr.
- API-key monitor — logs every API key authentication (user, key, scope, IP, time) and flags keys with full scope or no expiration.
Installation
- Copy vh_db_sentinel into your Odoo addons path. It depends only on base and mail — no external Python packages.
- Update the apps list and install VH DB Sentinel, then restart Odoo.
- Requires PostgreSQL 12+ (uses PL/pgSQL triggers, to_jsonb and EXECUTE FUNCTION). Compatible with On-Premise and Odoo.sh.
Configuration
- A top menu DB Sentinel appears for members of the DB Sentinel Manager group (which implies full system settings access).
- Open DB Sentinel → Settings: set an Alert Email, an optional IP Whitelist, the Email Minimum Severity and whether to Log API Key Usage.
- Go to Watched Tables, add a PostgreSQL table (e.g. project_task, hr_employee) and click Install Trigger. Start with a few sensitive, low-write tables rather than high-traffic ones.
Usage
The scheduled jobs run on their own; use the Run a scan now buttons in Settings for an immediate check. All findings funnel into DB Sentinel → Alerts (a mail.thread model with New → Acknowledged → Closed and a chatter log). Raw trigger events are visible under Raw Events and API key activity under API Key Usage.
Alerts are throttled by a dedup key (one alert per condition per 6 hours). If an Alert Email is configured and the severity is high enough, an email is sent (best-effort; SMTP errors are logged, never fatal).
Limitations
- Detection, not prevention — it reports, it does not block.
- An attacker with DB credentials can drop the trigger; the audit trail is only as trustworthy as the DB account controls around it.
- application_name is client-controlled and can be spoofed, so a matching name is a hint, not proof.
- write_date_not_touched is opt-in per table because core Odoo legitimately updates some columns with raw SQL.
Support
Questions, bug reports and feature requests: vuhaiqn90@gmail.com (please include your Odoo version).
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module