Simplify Warehouse Access
by Odoo DevHouse https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse$ 299.00
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Inventory (stock) |
| Lines of code | 1979 |
| Technical Name |
simplify_warehouse_access |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Inventory (stock) |
| Lines of code | 1979 |
| Technical Name |
simplify_warehouse_access |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
Simplify Warehouse Access
Control exactly which users - or security groups - can access which warehouses, which operations they can perform, which locations they can see, and for how long. Access rules are applied automatically the moment you save. No coding. No manual effort.
Odoo's built-in Inventory / User and Inventory / Manager groups give access to all warehouses and all operations in the entire database. There is no standard mechanism to say:
- "Alice can only see Warehouse North" - not possible out of the box
- "The Receiving team can only see Receipts" - requires hand-written record rules
- "Bob is a read-only auditor - he can view but cannot create or edit" - no native per-warehouse R/O mode
- "This contractor's access expires on Friday" - no native expiry mechanism
- "Grant access to the entire Logistics Department group at once" - no group-to-warehouse link
- "Restrict this user to the Cold Storage Zone only" - impossible without custom code
- "Who currently has access to warehouse X?" - no built-in audit view
Without a dedicated tool this requires developer time, breaks on upgrades, and leaves no audit trail for compliance teams.
Simplify Warehouse Access installs as a standalone app visible on your Odoo Home screen. Open it, click New, choose a warehouse, assign users or an entire security group, set Full or Restricted access, pick a Permission Level (Read & Write or Read Only), optionally set a validity date range or restrict to specific stock locations. Click Save - access rules are applied immediately. No restart, no cache clearing. All changes are logged in the chatter. Access can be revoked instantly by toggling the Active switch.
1 - Open from Home Apps
After installation, a Warehouse Access app appears on your Odoo home screen. Open it, click New. Choose a warehouse, access type, permission level, and assign users or a security group.
2 - Save
Click Save. The module creates all required access rules and adds the assigned users - all in one step. The Rules counter jumps from 0 to 3.
3 - Rules Are Live Immediately
Access rules take effect instantly - the moment the configuration is saved. Users see only their permitted warehouses, operations, and locations.
- Full Access - all operations in the warehouse: Receipts, Deliveries, Internal Transfers, Adjustments, and any custom type
- Restricted Access - select exactly which operation types are permitted; empty selection is blocked by validation
- Permission Level - Read & Write lets users create/edit/validate/delete; Read Only enforces view-only at rule level
- Direct Users - assign individual users to a warehouse access record
- Via Odoo Groups - grant access to an entire security group; all current and future members automatically receive the rules
- Multiple Warehouses - cover a primary warehouse plus additional warehouses in a single access record
- Restrict to Locations - pin access to specific stock locations (e.g. Cold Storage Zone only)
- Validity date range - set Valid From / Expires On; a daily scheduled job auto-deactivates access when the expiry date passes
- Instant revocation - toggle Active off to deactivate all 3 rules at once; toggle back to restore
- Bulk Grant Wizard - grant access to multiple users in one step; existing conflicts are detected and skipped
- Email notifications - users receive an email when access is granted or revoked
- Automatic access rules - restrictions applied across transfers, inventory levels, and warehouses the moment you save
- Security Rules tab + global list - review all active access restrictions across all configurations in one place
- Full chatter trail - every create, edit, and deactivation logged with timestamp and user name
The module installs as a standalone app - it is NOT under Settings. Access it directly from the Odoo home screen.
Warehouse Access Lives on the Home Screen
After installation, a Warehouse Access app icon appears on the Odoo home screen
alongside Inventory, Sales, and Purchase. Only system administrators can see and open it - it is
invisible to regular users by design.
Inside the app you will find two menu items:
Warehouse Access - the main list/form where you create and manage access records
Security Rules - the global list of all active access restrictions across all configurations
On a fresh install the list is empty and shows an onboarding message.
Click New to create your first access rule.
The empty list view. The search bar defaults to Active filter. Click New to begin.
James Carter and Sarah Mitchell - Warehouse Operators - need full Read & Write access to the main warehouse.
Step 1 - Fill in the Form
Open Warehouse Access â New. Fill in:
Primary Warehouse - YourCompany
Access Type - Full Access (radio)
Permission Level - Read & Write (radio)
Assign Access To - Direct Users
Direct Users - select James Carter, Sarah Mitchell
The Access Summary tab shows a green confirmation box in real time.
The record name auto-computes to "YourCompany - Full Access (R/W)".
Rules counter is still 0 - rules are created only on save.
Step 2 - Save: 3 Rules Generated Instantly
Click Save. Simultaneously:
Rules counter jumps from 0 to 3
View Security Rules button appears in the header
Security Rules tab appears in the notebook
Chatter logs "Warehouse Access Configuration created"
Both users receive an email: "Warehouse Access Granted: YourCompany"
Access rules are created instantly and both users now have full Read & Write access to YourCompany warehouse.
The rules are live the moment Save completes.
Step 3 - Inspect the Security Rules Tab
Click the Security Rules tab inside the form to see the 3 access rules that were generated for this record.
Each row shows:
Which data type is protected (transfers, inventory, or warehouse)
The Permission Level (Read & Write or Read Only)
An Active toggle to enable or disable the rule
A link to view the full rule details
Because Permission Level is Read & Write, all rules grant full create, edit, and delete access within the assigned warehouse.
What James Carter Sees After Access Is Granted
James logs in and opens Inventory. His session is scoped to YourCompany - he sees all receipts and can Validate transfers.
James Carter - Receipts list. Only YourCompany receipts are visible. Records from other warehouses are completely hidden.
James Carter - Receipt form. The Validate button is available. Full Read & Write access allows him to confirm and process transfers.
Ryan Thompson works on the receiving dock. He should see Receipts only - not Deliveries, Internal Transfers, or Inventory Adjustments.
Select "Restricted Access" - Allowed Operations Tab Appears
Set Access Type to Restricted Access. The form adapts immediately:
An Allowed Operations tab appears in the notebook
A yellow warning banner says "Required: Select at least one allowed operation"
The Access Summary tab is hidden (it only shows for Full Access)
You cannot save a Restricted Access record with zero operations -
the constraint prevents accidental lockout with a silent empty rule.
Add Operations - The Warning Disappears
Click Add a line inside the Allowed Operations table. A dropdown lists
only operation types belonging to the selected warehouse. Select Receipts.
The yellow warning immediately disappears. On save, access rules are generated scoped to Receipts only - delivery orders, internal transfers, and
adjustments become completely invisible to Ryan.
What Ryan Thompson Sees After Access Is Granted
Ryan opens Inventory. His access is restricted to Receipts at YourCompany only - delivery orders, internal transfers, and other warehouses are completely invisible to him.
Ryan Thompson - Receipts list. Only Receipts appear. Delivery orders and internal transfers are completely hidden.
Ryan Thompson - Validate attempt blocked. His access is Read Only. The system blocks any save or edit attempt server-side - the restriction is enforced even if buttons are visible in the interface.
Emily Brooks is an external auditor. She needs to view all stock movements and inventory but must NOT be able to create, edit, or delete anything.
How Permission Level Works
Read & Write (default):
Users can create, edit, validate, and delete transfers within their warehouse.
Full operational access.
Read Only:
Users can browse and view records but cannot create, edit, validate, or delete anything.
Any write attempt is blocked by the system - even if a button appears in the interface.
Setup for Emily Brooks (Auditor)
Primary Warehouse
YourCompany
Access Type
Full Access
Permission Level
Read Only
Direct Users
Emily Brooks
After saving, Emily can open Inventory and browse all transfers and stock levels in YourCompany warehouse - but every attempt to save, create, validate, or delete raises an Access Denied error. This is enforced by the system, not by hiding buttons.
Emily Brooks's access record: Full Access + Read Only permission level. She can view all transfers but cannot make any changes.
What Emily Brooks Sees - Read Only Access
Emily can browse all YourCompany receipts and open any transfer form. Every attempt to validate, save, or create is blocked by the system - the restriction is enforced server-side.
Emily Brooks - Receipts list. She can see all transfers in scope and browse freely - but any write operation is blocked.
Emily Brooks - Transfer form. She can open and read any transfer detail. Any attempt to save, validate, or create a new record triggers an Access Denied error.
The "Shipping & Receiving Team" group has 6 members. Instead of listing them individually, grant access to the whole group in one record.
How Group Assignment Works
1. Set Assign Access To = Via Groups.
The Direct Users field disappears and Via Groups tag field appears.
2. Select the Odoo group: Demo: Shipping & Receiving Team.
The Effective Users counter shows the total user count
(direct users + all group members combined).
3. On save, all members from every selected Odoo group are resolved automatically and receive the warehouse access.
4. If a new user joins the Odoo group later, simply re-save this record to sync and include them automatically.
Practical Example
| Field | Value |
|---|---|
| Primary Warehouse | YourCompany |
| Access Type | Restricted Access |
| Permission Level | Read & Write |
| Assign Access To | Via Groups â Demo: Shipping & Receiving Team |
| Allowed Operations | Receipts (incoming shipments only) |
All current and future members of the Shipping & Receiving Team will see only receipt transfers in YourCompany. The admin can manage the team membership in the Odoo group without touching this access record at all.
Assign Access To: Via Groups - the Odoo Groups tag field replaces Direct Users. All group members receive the warehouse access automatically.
Tyler Reed is a seasonal contractor. He needs access to Delivery Orders from June 1 to July 31 only. After that, access must be revoked automatically - no IT ticket needed.
Setting a Validity Date Range
In the Validity Period (optional) section on the form:
Valid From - 2026-06-01 (access starts)
Expires On - 2026-07-31 (auto-deactivated after this date)
As soon as you set Expires On, a yellow alert banner appears on the form:
"This configuration expires on 2026-07-31 and will be deactivated automatically by the daily cron job."
How Automatic Expiry Works
A daily scheduled job runs every night and checks for access records whose expiry date has passed. When found:
All access rules are deactivated instantly (not deleted)
The user is removed from the access group
Tyler receives an email: "Warehouse Access Removed: YourCompany"
The record is preserved in archived state for audit trail
Restore tip: If you need to restore an expired record, toggle Active back on. All access rules are recreated instantly and the user is re-added to the access group. You do not need to delete and recreate anything.
Tyler Reed's seasonal access record with Valid From / Expires On set. The yellow banner warns that the record will be auto-deactivated by the daily cron on expiry.
What Tyler Reed Sees During His Valid Access Period
While the access record is active (between Valid From and Expires On), Tyler can see Delivery Orders at YourCompany. After the expiry date the cron deactivates the record and his access disappears completely.
Tyler Reed - Delivery Orders list. During his valid access period, all YourCompany delivery orders appear. Only Delivery Orders are visible - receipts and other operations are hidden.
Tyler Reed - Delivery form. Tyler can view delivery details. His access is Read Only - attempting to validate triggers an Access Denied error.
Emily Brooks (auditor) should see only transfers and stock involving the Cold Storage Zone and Electronics Vault - not the bulk area or other zones.
The Location Filter Tab
Open the Location Filter tab on the form. By default it shows a blue info banner:
"Optional. Leave empty for full warehouse-level access. When set, only transfers
moving stock to or from these locations will be visible."
In the Restrict to Locations field, select:
Cold Storage Zone
Electronics Vault
A yellow warning banner appears listing the active location filter.
Save - the location filter is added to all three generated rule domains.
What the Location Filter Restricts
Transfers:
Only transfers that move stock into or out of the selected locations are visible. All other transfers are hidden.
Inventory levels:
Only on-hand stock at those locations is visible. Stock in other zones is hidden.
Warehouse:
Warehouse visibility is not affected by the location filter - it is always scoped to the assigned warehouse.
The Location Filter tab on the access form. Selected locations restrict the user's view to only transfers and inventory involving those zones.
What Emily Brooks Sees - Location-Filtered View
With Cold Storage Zone and Electronics Vault as location filters, Emily only sees transfers whose source or destination is one of those two zones. Transfers to the bulk area or other zones are completely hidden.
Emily Brooks - Location-filtered Receipts. Only 10 receipts involving her assigned locations (Cold Storage Zone and Electronics Vault) are visible - all other transfers are completely hidden.
Linda Foster manages three warehouses: Main Warehouse, Seattle Port Hub, and Denver Distribution Center. One access record covers all three.
Setting Up Multi-Warehouse Access
Primary Warehouse (required): YourCompany
Also Covers (optional M2M): Seattle Port Hub, Denver Distribution Center
Access Type: Full Access
Permission Level: Read & Write
Direct Users: Linda Foster
The auto-computed record name becomes:
"YourCompany +2 - Full Access (R/W)"
How Multi-Warehouse Access Works
All three warehouses are covered by a single access record. Access rules are generated to span all listed warehouses simultaneously - transfers, inventory, and warehouse visibility across all three locations from one configuration.
The access check also works correctly when Linda navigates directly to any of her assigned warehouses - all three are recognized from this single record.
Linda Foster's access record: primary warehouse + two additional warehouses in Also Covers. The record name shows the +2 suffix. All three warehouses appear in the generated rule domains.
What Linda Foster Sees - Multi-Warehouse Access
Linda's single access record covers YourCompany + Seattle Port Hub. One record, two warehouses - she can process receipts, deliveries, and transfers across both locations.
Linda Foster - Inventory overview. Logged in as a user covered by a multi-warehouse access record (YourCompany + Seattle Port Hub).
Linda Foster - Receipts list. All YourCompany and Seattle Port Hub transfers are accessible from her single access record covering both warehouses.
Use case: onboarding an entire new team of 10 users to a warehouse at once - without creating 10 individual access records.
How the Bulk Grant Wizard Works
Access: Open Warehouse Access â Bulk Grant Access
from the app menu. A wizard dialog opens with:
Warehouse selector
Access Type radio
Permission Level radio
Users multi-select
Optional Allowed Operations
Optional Valid Until date
Conflict detection: As you add users, the wizard shows a live warning listing any user who
already has an access record for the chosen warehouse:
"⢠James Carter - already in 'YourCompany - Full Access (R/W)'"
Those users are automatically skipped when you click Grant.
The New Users counter shows how many will actually be created.
Result: One new access record is created for all non-conflicting users. The wizard then opens that
record directly so you can review it.
If all selected users already have access, a warning notification is shown
and no record is created.
The Bulk Grant Access wizard dialog. Select warehouse, access type, permission level, and multiple users. Conflict warnings appear live as you type.
The Security Rules menu shows every active access restriction across all configurations in one searchable, filterable list.
Warehouse Access â Security Rules
Each row in the global rules list shows:
Warehouse - which warehouse the rule protects
Access Config - which parent access record generated it
Data Type - Transfers, Inventory, or Warehouse
Access Type - Full or Restricted badge
Permission - Read & Write or Read Only badge
Active toggle + external link to view the full rule details
This list answers the compliance question:
"Which access rules are currently active and what do they restrict?"
in seconds, without opening any technical settings.
The main Warehouse Access list gives admins a one-page view of every active rule, with color-coded badges and inline controls.
What Each Column Tells You
Green rows = Full Access records (active)
Orange rows = Restricted Access records (active)
Greyed-out rows = archived/inactive records
Columns (configurable via optional toggle):
Primary Warehouse · Also Covers · Direct Users · Via Groups ·
Total Users (effective) · Access Type badge · Permission Level badge ·
Expires · Valid From · Locations · Allowed Operations · Rules count ·
Active toggle
The list icon button on each row opens the Security Rules
filtered for that specific record. The Active toggle lets you
revoke access instantly without opening the form.
Open any warehouse in Inventory â Configuration â Warehouses. The module adds a tab showing every access rule for that warehouse.
New Fields Added to the Warehouse Form
The module adds the following to every warehouse form:
Access Configurations tab - lists every access record for this warehouse. Click any row to open the configuration.
Allowed Users count - shows the total number of users (direct + group members) who currently have active access to this warehouse.
View Access Rules button - opens the access configuration list filtered to this warehouse
This gives warehouse managers an instant answer to "who can currently see my warehouse?"
Before offboarding a user, verify exactly which warehouses they can currently access - in seconds, from their user profile.
The Warehouse Access Tab on Every User Form
The module adds a Warehouse Access tab next to the Access Rights tab.
It provides three layers of information:
1. Warehouses counter
Shows the total number of warehouses the user currently has active access to (primary and any additional warehouses).
2. Warehouse Access Configurations table
Lists every access record where this user is a direct member.
Shows Warehouse, Access Type badge, active toggle, and a link to the rule list.
Fully readable inline - no need to navigate away.
3. Allowed Warehouses quick view
A tag cloud at the bottom: YourCompany
Seattle Port Hub.
Zero reading time - perfect for offboarding and compliance spot-checks.
Access rules take effect instantly. Each user sees only the warehouses and operation types their access record covers - not an error page, just a smaller world.
Full R/W User (James Carter)
- Sees all YourCompany operation types
- All receipts, deliveries, transfers visible
- Validate button works - writes allowed
- Can create new transfers
Restricted User (Ryan Thompson)
- Sees only Receipts operation type
- Delivery orders, internal transfers: completely hidden
- Read Only: any save or edit attempt is blocked
- Other warehouses: completely invisible
Archived Access (Jessica Adams)
- YourCompany access record archived â rules deactivated
- YourCompany transfers: completely invisible
- Only retains Denver Distribution Center access
- Zero results when accessing YourCompany data
Receipts list - YourCompany transfers accessible.
Receipt form - Validate button available (Read & Write access).
Only Receipts visible - delivery orders completely hidden.
Validate attempt blocked - Access Denied (Read Only permission).
Only Delivery Orders visible during valid access period.
Delivery form - visible, but writes blocked (Read Only rule).
Only 10 receipts involving her assigned locations - all others completely hidden.
Form visible for allowed transfers - all write operations blocked (Read Only).
Linda Foster logged into Inventory app.
Receipts list - single rule covers both YourCompany + Seattle Port Hub. Full R/W access.
Michael Harris - Inventory app.
Seattle Port Hub receipts visible. Michael's access is scoped to Seattle Port Hub only - YourCompany and other warehouses are completely hidden.
An employee leaves the company. Their warehouse access must be revoked immediately - without deleting the audit trail.
Revoke: Toggle Active Off
Toggle the Active switch to inactive - either from the list view
or the form header button. On save:
All access rules are deactivated instantly (not deleted - preserved for audit)
The user is removed from the access group
The user receives an email: "Warehouse Access Removed: [Warehouse]"
The chatter logs the deactivation with timestamp
The record itself is preserved - the full access history remains visible
Restore: Toggle Active On Again
If the employee returns or revocation was a mistake, simply toggle Active back on:
All access rules are recreated instantly
The user is re-added to the access group
The user receives a "Warehouse Access Granted" email
All configuration settings (operations, locations, dates) are restored as-is
No need to delete and recreate the record from scratch
The list with Inactive filter applied. Archived records appear greyed-out (text-muted). The full history is preserved - nothing is deleted.
The archived record form with Active set to off. All configuration details are retained. Toggle Active on to restore full access and regenerate the rules instantly.
What Jessica Adams Sees After Her YourCompany Access Is Archived
Jessica's YourCompany access record was archived - all access rules are deactivated instantly. She still has Denver Distribution Center access through a separate active record. YourCompany transfers show zero results.
Jessica Adams - YourCompany Receipts after archive. Zero records returned. All access rules for YourCompany are deactivated - that warehouse is completely invisible to her. Her Denver Distribution Center access remains fully active in a separate record.
Multi-Warehouse Operations
Warehouse operators in Branch A see only Branch A transfers. Branch B staff see only Branch B. Regional managers cover multiple warehouses in a single access record. All users log into the same Odoo database.
Receiving Team - Receipts Only
Restricted Access + Receipts operation. Dock staff can process incoming shipments but cannot see outgoing deliveries, internal moves, or inventory valuations. Grant to the whole team in one record via the Odoo group.
Temporary & Seasonal Staff
Set a Valid From / Expires On range. The daily cron deactivates the configuration automatically when the expiry date passes - no IT ticket, no manual cleanup, no forgotten access.
Read-Only for Auditors
External auditors need to view stock movements and inventory levels without any write access. Set Permission Level to Read Only - the system blocks all save, create, and delete operations while keeping full visibility.
Sensitive Stock Zones
Cold storage, pharmaceutical zones, or hazmat bays need their own access tier. Use the Restrict to Locations filter to scope a user's visibility to only those specific internal locations - within the same warehouse.
Compliance Audits
Every access change is logged in the chatter with timestamp and user. The Security Rules list shows every active database rule in one page. Archived records preserve the full history of who had access when.
| Task | Where | What You See / Notes |
|---|---|---|
| Open the module | Home Apps → Warehouse Access | Visible only to system administrators. Sub-menus: Warehouse Access and Security Rules. |
| Create a new access rule | Warehouse Access → New | Access rules are applied automatically on Save. Rules are live immediately - no restart needed. |
| Choose Full or Restricted | Access Type radio on the form | Full: Access Summary tab shows green box. Restricted: Allowed Operations tab appears with warning if empty. |
| Set Read Only permission | Permission Level radio → Read Only | User can only view records. Any attempt to save, create, or delete is blocked by the system. |
| Assign to a security group | Assign Access To → Via Groups | All members of the selected Odoo groups receive the warehouse access. Effective Users counter updates. |
| Cover multiple warehouses | Also Covers field (M2M tags) | All listed warehouses are covered by a single access record. Record name shows "+N" suffix. |
| Restrict to specific locations | Location Filter tab → Restrict to Locations | Only transfers and inventory at the selected locations are visible. Leave empty for full warehouse-level access. |
| Set automatic expiry | Validity Period section → Expires On | Yellow banner shows expiry date. A daily scheduled job deactivates access and emails users when the expiry date passes. |
| Revoke access immediately | Active toggle on list or form header | All access rules deactivated instantly. Access group membership cleared. User emailed. Record preserved for audit. |
| Bulk grant to many users | Warehouse Access → Bulk Grant Access (wizard) | Select warehouse, type, level, users. Conflicts detected live. One access record created for non-conflicting users. |
| Inspect generated rule domains | Form → Security Rules tab | Shows data type, Permission badge, Active toggle, and link to view the full rule details for each of the 3 rules. |
| Audit all rules in the database | Warehouse Access app → Security Rules menu | Searchable, filterable list of every active access restriction across all configurations. Essential for compliance. |
| See who can access a warehouse | Inventory → Warehouses → [Warehouse form] → Access Configurations tab | Lists all access records + Allowed Users count computed across direct users and group members. |
| Audit a user's warehouse access | Settings → Users → [User form] → Warehouse Access tab | Shows warehouse count, configuration table, and Allowed Warehouses quick-view tag cloud. |
Questions? Need a Custom Feature?
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module