Skip to Content

Advanced Access Management & Security Studio for Odoo 18

by
Odoo

197.24

v 18.0 Third Party 3
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 2155
Technical Name access_management_studio_pro
LicenseOPL-1
Websitehttps://www.subisoft.in
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Lines of code 2155
Technical Name access_management_studio_pro
LicenseOPL-1
Websitehttps://www.subisoft.in
Odoo 18 OPL-1 License Enterprise-Grade Server-Side Enforced
Advanced Access Management
& Security Studio
The most complete access control solution for Odoo 18.
7 rule types. Server-enforced. Zero workarounds.
7
Rule Types
30+
Restrictions
100%
Server-Side
0
JS Hacks
2155
Lines of Code
🗂️
Menu Rules
Hide any menu server-side. Never sent to browser.
🔲
Field Rules
Hide/read-only/required via view cache injection.
🔒
Model Rules
Restrict create, edit, delete, export per model.
Button/Tab Rules
Auto-discover & hide buttons and form tabs.
📄
Report Rules
Remove reports from Print menu server-side.
💬
Chatter Rules
Granular chatter control per component.
🌐
Global Rules
Read-only mode, login lock, dev mode block.
🏗️
Architecture
DB-level filtering, session injection, MutationObserver.
Why Server-Side Enforcement Matters
CSS hiding can be bypassed in seconds. Ours cannot.
✗ CSS-Only Modules
✗  Hidden elements still in DOM
✗  Bypassed via browser dev tools
✗  Server sends all data anyway
✗  User can inspect & remove CSS
✗  False sense of security
✓ This Module
✓  Menus removed at load_menus()
✓  Fields patched in view cache
✓  Reports filtered at get_bindings()
✓  Zero hidden data sent to browser
✓  MutationObserver catches dynamic elements
Complete Overview
One Module. Total Control.
7 independent rule types working together
🌐
Rule Type 01
Global Access Rules
▶ LIVE DEMO
Rule Configuration
Before — New + Upload buttons visible
After — New + Upload removed (read-only mode)
After — Form view in read-only mode
What you can do
Read-Only User — locks entire interface
Disable Developer Mode
Disable Login — lock user account
Hide Import button system-wide
Hide Export button system-wide
Hide Duplicate & Archive from cog menu
Hide Filters and Group-By in all views
Restrict Script / XMLRPC
Block Module Install / Uninstall / Upgrade
Session-levelsession_info()JS + Server
🗂️
Rule Type 02
Menu / Sub-menu Rules
▶ LIVE DEMO
Rule Configuration
Before — Full sidebar visible
After — Sub-menus hidden from sidebar
What you can do
Hide any top-level app menu
Hide specific sub-menus
Apply to users OR groups
Removed via load_menus() server-side
Hidden menus never in JSON response
load_menus()Server-sideNever in DOM
🔒
Rule Type 03
Model Access Rules
▶ LIVE DEMO
Rule Configuration — Disable Create & Export ON
Before — New + Upload visible, full access
After — New button removed, export disabled
What you can do
Disable Create — removes New button
Disable Edit — form read-only
Disable Delete — protect records
Disable Archive / Unarchive
Disable Duplicate
Disable Export
Make Model Read-Only — one toggle for all
Domain Filter — limit visible records
View arch injectionCog menu JSPer-model
🔲
Rule Type 04
Field Access Rules
▶ LIVE DEMO
Rule Configuration — Hide Customer field
Before — Customer field visible on form
After — Customer field completely hidden
What you can do
Hide Field — removed from arch everywhere
Read-Only — visible not editable
Make Required — enforce data entry
Works in form, list, kanban, quick-create
Dropdown field selection — no technical names needed
Patched in view cache — cannot be bypassed
postprocess_and_fields()Cache-safeAll view types
Rule Type 05
Button / Tab Rules
▶ LIVE DEMO
Rule Configuration — Confirm + Optional Products + Other Info selected
Before — Confirm button & all tabs visible
After — Confirm button & tabs hidden
What you can do
Buttons auto-discovered from all form views
Tabs discovered including inherited views
Hide or Read-Only restriction
Additional names for unlisted elements
MutationObserver catches dynamically rendered elements
Auto-discoveryMutationObserverModel-scoped
📄
Rule Type 06
Report Access Rules
▶ LIVE DEMO
Rule Configuration — Quotation/Order & Request for Quotation hidden
Before — Print menu shows 3 reports
After — Only PDF Quote & Loading Receipt remain
What you can do
Select reports from dropdown — no technical names
Hidden reports never in Print submenu
Server-side via get_bindings()
Option to hide entire Reporting menu
Apply per user or group
get_bindings()Server-sidePer-model
💬
Rule Type 07
Chatter Access Rules
▶ LIVE DEMO
Rule Configuration — Hide Entire Chatter ON
Before — Full chatter with Send message, Log note, Activities
After — Entire chatter section hidden
What you can do
Hide Send Message button
Hide Log Note button
Hide Schedule Activity button
Hide entire Chatter section
Hide Followers widget
Apply globally or per specific model
Individual toggles grey out when Hide Entire Chatter is ON
Per-modelGlobal rulesGranular
Under The Hood
Technical Architecture
Enterprise-grade — not CSS tricks
🏗️ postprocess_and_fields()
Field rules patched inside view cache. Cannot be removed via browser. Works in form, list, kanban, quick-create views.
🗺️ load_menus() Override
Menu rules applied at server. Hidden menus never reach browser. Handles Odoo 18 list and dict formats.
📄 get_bindings() Override
Report rules remove entries before Print submenu is built. Zero data sent for hidden reports.
🗄️ DB-Level Filtering
Rules use SQL JOINs on user_ids / group_ids. Scales to 1000+ users. No Python loops.
⚡ Session Context Injection
TAM context injected via session_info(). Available in JS at page load — no async RPC.
👁️ MutationObserver
Watches DOM for dynamic buttons, tabs, dropdowns. Handles Odoo OWL component lifecycle.
🔐 Login-Level Enforcement
Disable Login via direct SQL. No ORM overhead in auth flow. Race-condition safe.
🎯 Model-Scoped JS
Button rules scoped to active model via data-model attribute. No cross-model false positives.
Ready to Get Started?
Take Full Control of Odoo Access Today
Install once. No code changes. Works on Community & Enterprise.
✓ Odoo 18 ✓ OPL-1 Licensed ✓ Community + Enterprise ✓ SubiSoft Technologies ✓ www.subisoft.in 
Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.
Control and manage user access to ratings in Odoo. This module allows administrators to define permissions for viewing, creating, editing, and managing rating records across different users and departments, ensuring secure and organized feedback management.
by
Manoj
on 5/14/26, 7:09 AM


Control and manage user access to ratings in Odoo. This module allows administrators to define permissions for viewing, creating, editing, and managing rating records across different users and departments, ensuring secure and organized feedback management.
by
dhinesh
on 5/14/26, 7:15 AM Author

Thank you, Manoj, for your valuable feedback! We’re glad to hear that the access control and permission management features for Ratings are helping with secure and organized feedback management. Your support means a lot to us. Please feel free to reach out if you have any suggestions or feature requests.

This Module was very Interesting & Curious to Explore , The Most specific is user restrictions at every stage is very advanced. Such an Wonderful Experience
by
Aswin
on 5/14/26, 6:16 AM


This Module was very Interesting & Curious to Explore , The Most specific is user restrictions at every stage is very advanced. Such an Wonderful Experience
by
dhinesh
on 5/14/26, 7:16 AM Author

Thank you, Aswin, for your wonderful review! We’re happy to know you found the module advanced and useful for detailed user restrictions at every stage. We designed it to provide flexible and powerful access management. Your appreciation motivates us to keep improving the module further.

There are no comments yet!