A build-to-order Odoo module that centralizes control of menus, fields, buttons and user permissions in one management interface. ECOSIRE scopes, builds, installs and supports it for your Odoo 17/18/19 deployment. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $499.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo module that centralizes control of menus, fields, buttons and user permissions in one management interface. ECOSIRE scopes, builds, installs and supports it for your Odoo 17/18/19 deployment.
No payment now. This sends a quote request to our team — we'll follow up by email with pricing and next steps.
Odoo's native access control is powerful but scattered. Permissions live across ir.model.access.csv grants, ir.rule record rules, security groups, and per-view attributes — and tightening any of them means editing XML, CSV and group definitions across modules, then upgrading the database. A business owner who wants to hide a menu from interns, make a field read-only for the warehouse team, or disable the "Confirm" button for junior sales staff usually can't do it without a developer. Studio-style tweaks don't cleanly cover buttons, statusbar transitions or field-level read/write in a governed, exportable way, and as a deployment grows nobody has a single view of "who can see and do what" — which is exactly what auditors and finance leads ask for.
Per-user and per-security-group access matrix (create/read/write/unlink) managed from one back-office interface, materialized into real `ir.model.access` records
Menu-item visibility control that toggles `ir.ui.menu` access without hand-editing group definitions or XML
Field-level rules — set any field `invisible`, `readonly` or `required` per group, injected at view-render time via `fields_get` and `ir.ui.view` inheritance
Header and object button control (hide/disable action buttons and workflow buttons such as Confirm, Validate, Cancel) per group
Statusbar / stage restrictions that block specific state transitions on the `statusbar` widget for chosen groups
Record-rule builder that generates `ir.rule` domains (own-records, team, company) so row-level scoping stays enforced server-side
This is a build-to-order module that ECOSIRE designs, builds, installs and supports specifically for your database — it is not an existing marketplace download. We build a centralized access management back-office where an administrator picks a user or a security group and, per model, toggles the visibility and access of menu items, individual fields (invisible / readonly / required), header and object buttons, and statusbar stages, alongside the create/read/write/unlink matrix. Under the hood we implement it against Odoo's own primitives rather than fragile monkey-patches: a configuration model (models.Model with @api.depends computes that preview the effective permission set), rules materialized into real ir.model.access and ir.rule records so the standard security engine still enforces them, and a lightweight ir.ui.view / fields_get layer that injects the field and button restrictions at view-render time. Everything is scoped by security group so it composes with your existing groups instead of replacing them.
Because the rules are expressed through native mechanisms, they hold across the Odoo web client, imported/exported data, and the XML-RPC/JSON-RPC API — a field you mark server-enforced read-only cannot simply be written by an external integration. The configuration is data (stored records, not code), so it survives module upgrades, can be exported/imported between databases, and is fully auditable: every change is captured in the chatter and mail.tracking.value history. We deliver the same feature set tuned to your edition, noting Community vs Enterprise differences (for example, some Enterprise-only models and the studio/approvals surfaces) so the governance layer covers exactly the apps you actually run.
Delivery is build-to-order. It starts with a short scoping call to inventory the models, groups and edge cases you need governed, after which we return a fixed written quotation and a staging build for your UAT before anything touches production. Typical delivery is 2–4 weeks from confirmed scope, and we hand over installable source, documentation and a support window. Pricing starts from $499 (indicative, single-company base scope); the number of models governed, multi-company record-rule complexity, and the depth of API-level enforcement and integration testing increase the quoted scope.
Owns the deployment and is tired of editing CSV grants, security groups and view XML for every permission tweak. Wants a governed, self-service interface to manage menus, fields, buttons and record rules without a redeploy each time.
Needs demonstrable segregation of duties and an auditable answer to "who can see and do what." Values server-enforced, API-safe restrictions and a change history rather than cosmetic UI hiding.
Runs mixed teams (warehouse, sales, support) and wants role-appropriate screens — hidden menus, read-only fields, disabled workflow buttons — so staff can't take actions outside their remit or trip over irrelevant options.
Oversees several legal entities in one database and needs record rules that scope data per company while keeping a consistent, centrally managed permission model across all of them.
Buy the license on ecosire.com and download the Simplify Access Management module ZIP from your account dashboard.
Extract the ZIP into your Odoo custom addons folder on the server (or upload via Apps > Install from file on Odoo.sh / runbot).
Activate Developer Mode, open Apps, click Update Apps List, search for Simplify Access Management, and press Install.
Open the new menu, paste your ECOSIRE license key, connect any external credentials (Shopify, Amazon, Stripe, etc.), and save.
Run the built-in connection test, sync your first 10 records, and schedule the recurring cron. Contact support if anything fails.
| Criterion | ECOSIRE | Custom Build | Competitor | Odoo Native |
|---|---|---|---|---|
| Nature of solution | Build-to-order module tailored to your DB and edition | Bespoke code written from scratch in-house | Generic off-the-shelf apps.odoo.com module | |
| Menu, field & button control | Unified interface for menus, fields, buttons and stages | Whatever you build; each surface hand-coded | Often UI-hiding only; button/stage coverage varies | |
| Enforcement depth (API-safe) | Materialized to `ir.model.access`/`ir.rule`, holds over RPC API | Depends on developer discipline | Frequently cosmetic UI hiding only | |
| Ease of change for admins | Self-service back-office, no redeploy | Requires a developer for each change | Config UI, but fixed to vendor's model | |
| Auditability | Chatter + `mail.tracking.value` on every edit | Only if you build logging | Rarely tracked | |
| Upgrade safety | Config stored as data; upgrade-safe, exportable | Must be re-tested each upgrade | Depends on vendor's release cadence | |
| Fit to your models & edition | Scoped in scoping call; Community/Enterprise aware | Fully custom but costly | One-size-fits-all, limited scope | |
| Support & accountability | Post-go-live window + git handover from one vendor | Your team owns all support | Best-effort marketplace support |
No. It is build-to-order. ECOSIRE designs, builds, installs and supports a version tailored to your database and edition — there is no instant download. You request a quotation, we scope it, then we build and deliver it.
Typical delivery is 2–4 weeks from confirmed scope. It begins with a short scoping call, followed by a fixed written quotation, a staging build for your UAT, and then production cutover. Larger scopes (many models, multi-company rules, deep API enforcement) sit toward the upper end of that range.
Pricing starts from $499 as an indicative single-company base scope. After a scoping call we issue a fixed written quotation. The number of models governed, multi-company record-rule complexity, and the depth of API-level enforcement and integration testing drive the final number — you approve the fixed quote before we build.
Every build includes a post-go-live support window for fixes and rule adjustments. Because the configuration is stored as data on native `ir.model.access` and `ir.rule` records, it is upgrade-safe by design; we can also quote a longer maintenance or version-migration engagement (for example moving from 17.0 to 18.0 or 19.0) separately.
Both. Field and record restrictions are materialized into Odoo's native security engine (`ir.model.access`, `ir.rule`), so they are enforced server-side and hold over the external API and data import/export — not only hidden in the web client. Purely visual items (like a disabled button) are UI-level by nature, and we tell you which is which at handover.
Yes. It composes with your existing security groups rather than replacing them, and record rules can be scoped per company using `company_ids` / `company_id` so restrictions respect the active company context. We inventory your current groups during scoping so nothing is overwritten.
We build for Odoo 17.0, 18.0 and 19.0, on both Community and Enterprise. We account for Community vs Enterprise differences during scoping so the governance layer covers exactly the apps and models your deployment runs.
A build-to-order Odoo module that centralizes control of menus, fields, buttons and user permissions in one management interface. ECOSIRE scopes, builds, installs and supports it for your Odoo 17/18/19 deployment.