| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 5750 |
| Technical Name | muk_mcp_access |
| License | LGPL-3 |
| Website | http://www.mukit.at |
MuK MCP Access
Model-Level Access Control for the MCP Server
MuK IT GmbH - www.mukit.at
Overview
Defence-in-depth add-on for MuK MCP Server. Controls which Odoo models are reachable through MCP, independent of the user's normal access rights. Administrators build a whitelist of models and choose read-only or full access per model. When the whitelist is empty every model is accessible — full backwards compatibility. As soon as the first model is added only whitelisted models are exposed; the AI agent cannot discover or query anything else.
How It Works
Even though Odoo's built-in access control lists protect your data, an AI agent can still touch every model the user has access to. MuK MCP Access adds an extra layer that sits between the MCP tool call and the ORM:
- Empty list = no restrictions. Install the module and nothing changes — every model stays accessible.
- Add a model = whitelist is active. As soon as you add the first entry, only whitelisted models are exposed to MCP clients.
- Per-model permissions. Choose read-only or full read/write access for each model independently. Read-only entries allow search_read, describe_model, and export_records; write entries additionally allow create_records, update_records, delete_records, and call_method.
Bulk Model Selection
Use the Add Models wizard to enable multiple models at once. The wizard excludes transient models and models already in the access list, and lets you set default read/write permissions that are applied to every selected model.
Want more?
Are you having trouble with your Odoo integration? Or do you feel your system lacks essential features?
If your answer is YES to one of the above questions, feel free to contact us at any time with your inquiry.
We are looking forward to discussing your needs and planning the next steps with you.
Our Services
- Odoo Development
- Odoo Integration
- Odoo Infrastructure
- Odoo Training
- Odoo Support
MuK MCP Access
Model-level access control for the MuK MCP Server. Restricts which Odoo models AI agents can discover and operate on through the Model Context Protocol, independent of the user's normal access rights.
Requires MuK MCP Server.
Installation
To install this module, you need to:
Download the module and add it to your Odoo addons folder. Afterward, log on to your Odoo server and go to the Apps menu. Trigger the debug mode and update the list by clicking on the "Update Apps List" link. Now install the module by clicking on the install button.
Upgrade
To upgrade this module, you need to:
Download the module and add it to your Odoo addons folder. Restart the server and log on to your Odoo server. Select the Apps menu and upgrade the module by clicking on the upgrade button.
Configuration
Navigate to Settings > MCP > Model Access to manage the whitelist.
- Empty list — every model is accessible (backwards-compatible default).
- Non-empty list — only listed models are exposed to MCP clients.
Each entry controls:
- Read — model is visible in list_models and queryable via search_read, read_records, describe_model, etc.
- Write — model is writable via create_records, update_records, delete_records, and call_method.
Use the Add Models button to bulk-enable multiple models at once. The wizard excludes transient models and models already in the access list.
Usage
Once the whitelist contains at least one entry, the module enforces two restrictions:
- Tool-level blocking — any tool that accepts a model argument (search_read, create_records, describe_model, etc.) raises AccessError when the model is not in the whitelist or the operation is not allowed.
- Discovery filtering — list_models only returns models that appear in the whitelist, so the AI client cannot discover restricted models.
The check respects the tool's category: read tools check allow_read, write tools check allow_write. This layering works alongside MCP API key scopes (read-only keys, rate limits) and Odoo's built-in record rules and model ACLs.
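The two restrictions above, modelled in stand-alone Python so the decision rules can be exercised without an Odoo instance. This is an added example, not the module's code: ModelAccess, check_access, is_allowed and visible_models are hypothetical names, AccessError is a local stand-in for Odoo's exception, and the model list is constructed sample data.

```python
# Added illustration of the whitelist rules; not the module's own code.
# ModelAccess, check_access, is_allowed and visible_models are hypothetical names.
from dataclasses import dataclass
WRITE_TOOLS = {"create_records", "update_records", "delete_records", "call_method"}

class AccessError(Exception):
    """Local stand-in for Odoo's AccessError."""

@dataclass(frozen=True)
class ModelAccess:
    model: str
    allow_read: bool = True
    allow_write: bool = False

def check_access(whitelist, tool, model):
    """Raise AccessError unless `tool` may operate on `model`."""
    if not whitelist:
        return  # empty list: whitelist inactive, every model reachable
    entry = next((e for e in whitelist if e.model == model), None)
    if entry is None:
        raise AccessError(f"{model} is not in the MCP whitelist")
    # Write tools need allow_write; everything else is treated as a read tool.
    flag = "allow_write" if tool in WRITE_TOOLS else "allow_read"
    if not getattr(entry, flag):
        raise AccessError(f"{tool} needs {flag} on {model}")

def is_allowed(whitelist, tool, model):
    try:
        check_access(whitelist, tool, model)
    except AccessError:
        return False
    return True

def visible_models(whitelist, all_models):
    """Discovery filtering: the names list_models would return."""
    if not whitelist:
        return sorted(all_models)
    readable = {e.model for e in whitelist if e.allow_read}
    return sorted(m for m in all_models if m in readable)

ALL_MODELS = ["res.partner", "sale.order", "res.users", "ir.config_parameter"]  # constructed
WHITELIST = [ModelAccess("res.partner"), ModelAccess("sale.order", allow_write=True)]

if __name__ == "__main__":
    for tool, model in [("search_read", "res.partner"), ("update_records", "res.partner"),
                        ("create_records", "sale.order"), ("search_read", "res.users")]:
        print(tool, model, "->", "ok" if is_allowed(WHITELIST, tool, model) else "AccessError")
    print("list_models:", visible_models(WHITELIST, ALL_MODELS))
```

With an empty list, is_allowed([], "delete_records", "res.users") returns True, so an installation that never adds an entry has no MCP-side model restriction.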
Credits
Contributors
- Mathias Markl <mathias.markl@mukit.at>
Author & Maintainer
This module is maintained by the MuK IT GmbH.
MuK IT is an Austrian company specialized in customizing and extending Odoo. We develop custom solutions for your individual needs to help you focus on your strength and expertise to grow your business.
If you want to get in touch please contact us via mail (sale@mukit.at) or visit our website (https://mukit.at).