Access Control Suite
Restrict what each user sees and can do — hide menus, lock CRUD/Export, restrict fields, buttons, tabs & chatter, and disable login — without creating technical security groups. Per user & per group, hard-enforced at the ORM, works with any model.
What it does
Create access policies that target specific users or groups, then tick what to restrict. Everything is applied at runtime by a per-user cached resolver across three layers — view interception, menu filtering and hard ORM enforcement — so a restriction is not just hidden in the UI: attempts to bypass it over RPC still raise an error. System administrators are never restricted.
One policy, all restrictions in tabs
Target users, Disable Login, global restrictions, and the rule tabs — all in one policy.
Key features
Target individual users or whole groups. No technical security groups to create.
Hide any menu/submenu. Hiding a parent hides all children — and the URL is blocked too.
Disable Create / Edit / Delete / Duplicate / Export / Import / Archive per model — or globally.
Make any field Invisible / Read-only / Required, or hide its external link — per model.
Hide specific buttons and notebook tabs — picked from the form view, no technical typing.
Hide the whole chatter, or just Send message / Log note / Schedule activity.
A per-user domain so users only see the records that match (e.g. their own).
Hide specific Print reports and Action-menu server actions — all of them, or one by one.
Block chosen users from authenticating — without archiving their account.
Prevent target users from turning on debug/developer mode.
Restrictions are enforced at the ORM — bypassing the UI over RPC still raises AccessError.
One per-user resolver, cached; cleared only when a policy changes. Unrestricted users pay ~nothing.
How it looks
Every restriction is one tab on the policy. A few examples:
Hide Menu — parent + all sub-menus, URL blocked too
Models — lock Create / Edit / Delete / Export / Import / Archive (hard-enforced)
Fields — Invisible / Read-only / Required per field
Buttons & Tabs — picked from the form view, no technical typing
Hide Chatter — the whole chatter, or just Send / Log / Activity
Reports & Actions — hide specific Print reports & Action-menu operations
Common scenarios
Target the user → Models tab → Sales Order → disable Create / Edit / Delete. Reading still works.
Hide Menu tab → add the Accounting root: every sub-menu vanishes and the URL is blocked.
Models tab → CRM Lead → Record Filter
[('user_id', '=', uid)].Fields tab → Product → Cost → Invisible or Read-only.
Hide Chatter tab → hide Send message / Log note / Activity buttons.
Policy header → tick Disable Login — no need to delete the account.
Every download ships with a detailed step-by-step Configuration Guide covering these and more.
Requirements
- Depends only on base and web — works with any model, standard or custom.
- No extra Python libraries. Compatible with Odoo Online, Odoo.sh and On-Premise.
- Configured from its own top-level app Access Control Suite → Access Policies (needs Administration: Access Rights).
How to use
- Open the Access Control Suite app → Access Policies → New.
- Pick Target Users and/or Target Groups.
- Set the Global options (read-only, block developer mode, disable login) and fill the tabs (Hide Menu, Models, Fields, Buttons & Tabs, Hide Chatter, Reports & Actions).
- Save — the restriction applies immediately to the target users. Admins are never affected.
Need help?
Questions, bug reports, or feature requests — email us and we'll get back to you.
Support: vuhaiqn90@gmail.com
Compatible with Odoo · Author: Uv Iah
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 1006 |
| Technical Name |
vh_access_control |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Uv+Iah |
Access Control Suite
Overview
Access Control Suite lets an administrator restrict what each user sees and can do in Odoo — without creating technical security groups. You define access policies that target specific users or groups and tick what to restrict. Every restriction is applied at runtime and hard-enforced at the ORM level, so bypassing the UI over RPC still raises an error. System administrators are never restricted.
Key features:
- Hide menus and sub-menus (hiding a parent hides its children; the URL is blocked too).
- Disable Create / Edit / Delete / Duplicate / Export / Import / Archive per model, or globally.
- Field modifiers: make any field Invisible / Read-only / Required, or hide its external open link.
- Hide specific buttons and notebook tabs, picked from the form view.
- Hide the chatter per model, or globally hide the Send message / Log note / Schedule activity buttons.
- Hide Print reports and Action-menu entries (server actions and window actions such as Send SMS / Send Email).
- Record-level filtering with a per-user domain (users see only matching records).
- Disable login for chosen users without archiving the account.
- Block developer / debug mode for target users.
Installation
- Copy vh_access_control into your Odoo addons path.
- It depends only on base and web — no extra Python libraries. Compatible with Odoo Online, Odoo.sh and On-Premise.
- Update the apps list and install Access Control Suite.
Configuration
- Open the Access Control Suite app → Access Policies → New (requires Administration: Access Rights).
- Choose Target Users and/or Target Groups.
- Set the Global options (read-only, block developer mode, disable login).
- Fill the tabs as needed: Hide Menu, Models, Fields, Buttons & Tabs, Hide Chatter, Reports & Actions.
- Save — the restriction applies immediately to the target users.
Usage
Restrictions take effect the moment a policy is saved and are cleared from the per-user cache automatically whenever a policy changes. To temporarily lift a restriction, unset the option or archive the policy. A detailed step-by-step Configuration Guide ships with the module.
Support
Questions, bug reports and feature requests: vuhaiqn90@gmail.com
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module