Shop Floor Access Control
by Odoo DevHouse https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse$ 75.00
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Manufacturing (mrp)
• Employees (hr) • Discuss (mail) • Inventory (stock) |
| Lines of code | 189 |
| Technical Name |
dh_shopfloor_access |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
| Versions | 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Manufacturing (mrp)
• Employees (hr) • Discuss (mail) • Inventory (stock) |
| Lines of code | 189 |
| Technical Name |
dh_shopfloor_access |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
| Versions | 18.0 19.0 |
Shop Floor Access Control
Enforce workcenter-based employee restrictions on the MRP Shop Floor tablet. Only authorised employees appear in the login dialog - unauthorised names are invisible before they can even try.
Odoo's Shop Floor enterprise module includes an Employees with Access field on every workcenter - a built-in whitelist designed to restrict which operators may log in to a given Shop Floor station. But the field is purely cosmetic: it is never checked during the tablet login flow, so any employee in the company can log in to any workcenter regardless of what the whitelist says.
- Unskilled or uncertified employees can become session owner on restricted machines
- The "Add Operator" dialog shows the full company employee list at every station - no filtering
- Badge/barcode scans from any employee set them as session owner without any access check
- Managers who configure the whitelist get false confidence that it is enforced
- Audit trails and compliance reports show unauthorised operators on restricted workcenters
This module activates the existing Employees with Access whitelist at every login entry point on the Shop Floor tablet - no new fields, no new configuration. Simply populate the whitelist on a workcenter and the enforcement kicks in automatically.
Layer 1 - Dialog filtering: The "Add Operator" dialog is narrowed to show only whitelisted employees. Unauthorised names are invisible - they can never be selected.
Layer 2 - Badge / barcode scan: When an unauthorised employee scans their badge, a clear "Not authorized for this workcenter" notification appears immediately. No PIN prompt, no session change.
Layer 3 - Server-side gate: Even if someone attempts to log in by bypassing the interface, the server rejects the request - protecting against any form of workaround.
BEFORE (vanilla Odoo)
AFTER (with this module)
- Dialog Filtering: "Add Operator" dialog lists only employees whitelisted on the active workcenter - unauthorised names never appear
- Badge / Barcode Gate: Scanned employee badge is checked against the whitelist before any session change; a clear danger notification appears on denial
- Server-Side Enforcement: An additional server-side check blocks any login attempt even when the interface is bypassed - three independent layers of protection
- Session-Synced: The active workcenter is tracked on every dialog open and workcenter switch - enforcement always reflects the current station
- No New Fields: Uses the existing Employees with Access field already present on every workcenter - no extra configuration needed
- Zero Friction for Authorised Employees: Whitelisted operators experience no change - their names appear and their PIN login works exactly as before
- Full Backward Compatibility: Workcenters with an empty whitelist behave identically to vanilla Odoo - any employee can log in
- Workcenter Switch Aware: Switching the active workcenter mid-session immediately updates which employees are visible in the next login dialog
Configure the Workcenter Whitelist
Go to Manufacturing → Configuration → Work Centers, open a workcenter, and populate the Employees with Access field with the operators who are authorised for that station. Leave the field empty to impose no restriction.
Operator Opens the Shop Floor Tablet
The tablet navigates to the workcenter's Shop Floor view. The module automatically registers which workcenter is active - all subsequent access checks for this session are scoped to that workcenter's whitelist.
Click "Add Operator" - Filtered Dialog Opens
When the Add Operator button is clicked, the module reads the workcenter's whitelist and filters the employee selection dialog before it opens. Only employees on the whitelist are shown. Unauthorised employees are absent - they cannot be selected.
Unauthorised Badge Scan - Immediate Notification
If an employee scans a badge or barcode, the whitelist is checked before any session change occurs. If the employee is not authorised, a red danger notification appears immediately: "Not authorized for this workcenter." - no PIN prompt, no session update.
Authorised Employee Logs In Normally
A whitelisted employee selects their name, enters their PIN, and becomes session owner - exactly the same as standard Odoo, with zero added friction.
Layer 1 - Dialog Filter
The "Add Operator" employee list is filtered before it renders. Unauthorised employees never appear in the dialog - the cleanest user experience: they cannot even attempt to log in.
Layer 2 - Badge Scan Check
Badge and barcode scans are intercepted before the session is updated. An access check runs instantly and a clear notification is shown on denial - no misleading PIN prompt appears.
Layer 3 - Server Gate
The server validates every login attempt against the active workcenter's whitelist and rejects unauthorised requests - even if someone attempts to bypass the interface entirely.
Assembly 2 - Allowed Employees field is empty
No whitelist configured - any employee can log in to this workcenter.
Assembly 1 - 3 employees whitelisted
Only Anita Oliver, Jeffrey Kelly, and Marc Demo can log in to this workcenter.
Shop Floor Tablet - No Restriction
Employees panel is open with the "+ Add Operator" button visible at the bottom.
Shop Floor Tablet - Restricted Workcenter
Assembly 1 is the active workcenter. Work orders are visible in the background.
"Select Employee" dialog - Assembly 2
No whitelist -> all company employees appear. Anyone can log in to this workcenter.
"Select Employee" dialog - Assembly 1
Whitelist active -> only Anita Oliver, Jeffrey Kelly, and Marc Demo appear. All others are invisible.
Certified Machine Operators
Restrict CNC, laser, or press workcenters to operators who hold the relevant safety certification - prevent uncertified staff from accidentally starting a restricted machine.
Pharmaceutical & Cleanroom
GMP-regulated environments require that only trained and approved personnel operate specific production lines - ensure audit trails reflect only authorised operators.
Shift-Based Access
Assign day-shift employees to day-shift workcenters and night-shift employees to night-shift stations - prevent cross-shift logins that corrupt time and productivity logs.
High-Value or Hazardous Stations
Limit access to explosive, chemical, or high-voltage workcenters to trained safety officers only - a critical safeguard in environments where an untrained operator poses physical risk.
Specialist Skills
Quality inspection, calibration, or finishing workcenters that require a specific skill set - restrict the station so only qualified specialists are visible in the login dialog.
Compliance & Audit Trails
ISO, FDA, and industry-specific audits often require proof that only authorised personnel operated specific equipment - this module ensures the Odoo audit trail reflects reality.
Installation & Configuration
- Prerequisites: Requires Odoo 18 with the Shop Floor enterprise module (mrp_workorder) installed and activated
- Install: Copy the module to your addons path and install via Apps → Update App List → Search "Shop Floor Access Control"
- Configure: Go to Manufacturing → Configuration → Work Centers, edit any workcenter, and populate Employees with Access with the allowed operators
- Test: Open the Shop Floor tablet for that workcenter and click Add Operator - only listed employees should appear
- Leave empty for no restriction: Workcenters with an empty Employees with Access field behave exactly as before installation
Note: The module enforces the whitelist on a per-session basis. Switching the active workcenter mid-session immediately updates the access check - the next "Add Operator" dialog will reflect the newly selected workcenter's whitelist.
What happens on workcenters that have no employees listed?
No change from standard Odoo. An empty Employees with Access list is treated as "no restriction" - the dialog shows all employees and any employee can log in, exactly as in vanilla Odoo.
Can an unauthorised employee still log in if they know someone else's PIN?
No. The server-side access check validates the whitelist regardless of PIN correctness. Even if an unauthorised employee entered a valid PIN for a whitelisted colleague, the server rejects the login because the employee being logged in is not on the whitelist.
Does it affect the desktop (non-tablet) views?
No. All enforcement is scoped to the Shop Floor tablet login flow only. Standard desktop manufacturing views - Gantt, list, form, and all other views - are completely unaffected.
What if the tablet shows multiple workcenters at once?
The access check is always against the currently active workcenter (the one selected in the workcenter selector at the top of the tablet). When the operator switches the active workcenter, the access check updates immediately - the next "Add Operator" dialog will use the new workcenter's whitelist.
Does installing this module require any database migration?
No. The module adds no new database columns, tables, or views. It relies entirely on the existing employee-workcenter relation that the Shop Floor enterprise module already creates. Installation and uninstallation are clean with no data residue.
Enforce Operator Qualifications
Ensure that only trained, certified, or authorised personnel can log in to restricted workcenters - reducing safety risk and protecting specialised equipment.
Clean Audit Trails
Time logs and productivity records will only contain authorised operators - critical for ISO, GMP, and other compliance audits that require proof of controlled access.
Prevent Accidental Logins
The dialog simply does not show unauthorised employees - there is no confusing error to dismiss, and no temptation to try entering a colleague's PIN.
Activates a Dormant Feature
The Employees with Access field already exists in every Odoo 18 enterprise installation - this module simply makes it work as intended, with no new configuration vocabulary to learn.
Need Help or Have a Feature Request?
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module