Permissions Management
Role-based access management as a first-class Odoo app. Define roles, attach permissions, assign them to users or groups with validity windows, and compile everything into native Odoo groups, access-control lists and record rules — with an audit trail and an effective-access preview for administrators.
What it does
Build access from reusable roles instead of hand-wiring dozens of groups. Each role bundles model CRUD rights, record-rule domains, field-level security, menu/action/toolbar/chatter/search UI policies, portal tiles, and group membership. Assign roles to users or groups (optionally time-boxed), and the module compiles them into standard Odoo security records that the ERP enforces natively. It also ships an audit log, a lightweight permission-check API for companion add-ons, an explanation view that shows why a user does or does not have a given access, and a migration path from the community simplify_access_management module.
Highlights
- Role-based access compiled to native ir.model.access and ir.rule — no custom enforcement engine at runtime.
- UI policy layer for menus, actions, fields, toolbar, chatter, and search.
- Record-rule domain builder using Odoo 19's native domain widget.
- Per-user and per-group assignments with optional start/end dates.
- Audit logging of security-relevant changes.
- Effective-access preview and an explanation view for administrators.
- Integration API so downstream add-ons can check capabilities cleanly.
Dependencies
base, web, mail, base_setup, portal
Configuration
1. Install and open the Permissions app (restricted to permissions administrators). 2. Create roles, attach permissions, and assign users or groups. 3. Roles flagged to compile native security generate the managed groups, ACLs and record rules; recompilation runs automatically on change. 4. Settings → Permissions exposes the audit log, cache TTL, and strict field-security toggle. A daily maintenance job de-duplicates colliding Studio field labels and archives permissions whose target model no longer exists.
Coverage
- 62 automated tests covering the compiler, ACL/record-rule sync, per-role domain rules, UI policy, migration and the maintenance job.
- Permissions administrators bypass the managed restrictions by design.
- Companion portal add-ons check capabilities against the compiled native groups.
Screenshots: TODO (capture from staging)
Built and maintained by ETS.inc — support via the address on this listing.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module