A build-to-order Odoo module that restricts menus, fields, buttons, and actions with granular model-level access controls and record rules. ECOSIRE scopes, builds, installs, and supports it for your Odoo 17/18/19 environment. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $249.00 USD; request a quote for a scoped proposal.
بيان التطبيق
مصمَّم حول سير عملك
A build-to-order Odoo module that restricts menus, fields, buttons, and actions with granular model-level access controls and record rules. ECOSIRE scopes, builds, installs, and supports it for your Odoo 17/18/19 environment.
لا إعداد يدوي — تطبيق جاهز يبنيه ويثبّته ويدعمه ECOSIRE.
ابدأ بسعر بناء لمرة واحدة. نحدّد النطاق معك عند الانطلاق.
يقوم ECOSIRE ببنائه وتهيئته وتثبيته على Odoo الخاص بك.
تنطلق خلال 2–4 أسابيع تقريبًا، مع فترة دعم بعد الإطلاق.
Most teams reach a point where Odoo's out-of-the-box security is either too coarse or too fiddly to manage safely. A salesperson can see margin fields they shouldn't; a warehouse user stumbles into Accounting menus; a junior can still click Validate, Cancel, or Post on documents that should be locked to a supervisor. Odoo core gives you res.groups, ir.model.access.csv, and ir.rule record rules — powerful primitives — but wiring field-level visibility, button-level restrictions, and multi-dimensional record rules by hand across dozens of models quickly becomes an unmaintainable sprawl of XML and CSV that breaks on every upgrade. This is where native Odoo runs out of road: it has the mechanisms, but no unified, admin-friendly control surface to govern who sees which menu, which field, and which action, without a developer editing source every time policy changes.
Generic Security Restriction is a made-to-order Odoo module that ECOSIRE designs, builds, and installs for you to close exactly that gap. Rather than hard-coding restrictions, we deliver a configurable security layer: a settings-driven model where administrators define restriction profiles that hide or read-only menus (ir.ui.menu), fields (via groups attributes and dynamic fields_view_get/get_views overrides in the ORM), and action buttons in both backend XML/OWL views and QWeb-driven flows. Under the hood we generate the appropriate res.groups, ir.model.access.csv entries, and parameterized ir.rule domains, then bind them to your restriction profiles so policy changes become configuration, not code. Field masking is enforced server-side in the models.Model read path — not just hidden in the UI — so the same rules hold over the XML-RPC/JSON-RPC API and in exports, closing the common loophole where a restricted field leaks through a report or an external integration.
Technically, the module is built to your model map. We audit the objects you need to govern, define compute-backed visibility helpers (@api.depends where a restriction is contextual), and apply record rules scoped by company, team, department, or any field you nominate — including multi-company setups where company_ids and company_id must be honored consistently. Menu and action restrictions are applied through group membership so they survive upgrades, and every override is written to be idempotent and version-aware across Odoo 17.0, 18.0, and 19.0 (we account for the get_views API changes and OWL view differences between those releases, and for Community vs Enterprise where an Enterprise-only view or action is in scope). We keep the footprint minimal and dependency-light so it coexists cleanly with your other apps and does not fight the standard upgrade path.
Because this is build-to-order, delivery starts with a short scoping call, not a download. We confirm the exact models, fields, menus, and actions in scope, agree the restriction profiles and who they map to, then build against a copy of your database, validate on staging, and install into production with a rollback plan. Typical delivery is 2-4 weeks from confirmed scope, depending on how many models and profiles are involved and whether integrations or data migration are required. Pricing starts from $249 (indicative, single-company base scope); broader model coverage, multi-company record rules, deeper localization, and additional integration surfaces (API clients, external reports) increase the quoted scope. You receive a fixed written quote after the scoping call — never a surprise.
Owns user roles and wants to manage who sees which menu, field, and button from configuration rather than filing a developer ticket every time a policy changes or a new hire needs a scoped role.
Needs to ensure staff cannot see sensitive data (margins, salaries, cost prices) or trigger privileged actions like posting or cancelling documents, with enforcement that holds over reports and the API, not just hidden in the screen.
Must demonstrate least-privilege access and an auditable trail of who can do what, especially in regulated or multi-company groups where record-level segregation between entities is mandatory.
Runs several companies in one Odoo database and needs consistent record rules so users only see their entity's data while shared-service roles retain the cross-company access they legitimately require.
| المعيار | ECOSIRE | بناء مخصص | منافس | أودو الأصلي |
|---|---|---|---|---|
| Menu, field, and action control | Unified restriction profiles governing menus, fields, buttons, and actions from one configurable layer | Possible but you design and maintain the whole framework yourself | Often covers menus and fields but rarely all four in one consistent model | |
| Enforcement depth | Server-side in the ORM and ir.rule, holds over API, exports, and reports | Depends entirely on the developer's rigor | Frequently UI-only, leaks via API or exports | |
| Fit to your models | Built to your exact model map after a scoping call | Fully bespoke but slow and costly to build from zero | Generic; you adapt your process to its assumptions | |
| Multi-company record rules | Company/team/department-scoped ir.rule handled and tested for your setup | Achievable with significant in-house effort | Basic multi-company support, edge cases often unhandled | |
| Upgrade safety (17/18/19) | Version-aware, idempotent data files, tested across 17.0/18.0/19.0 | Whatever you build must be re-tested each upgrade | Depends on vendor's version cadence | |
| Support and ownership | Post-go-live support window plus full git repo and source handover | You own it and you support it entirely | Vendor support varies; source may be obfuscated | |
| Total cost and time | Indicative from $249, fixed quote after scoping, 2-4 weeks | Highest cost and longest timeline | Low upfront license but adaptation and gaps add cost | |
| Audit and compliance | Optional automated-action logging and documented least-privilege mapping | Only if you scope and build it | Rarely includes audit tooling |
This is a build-to-order module, not an instant download. After a scoping call to confirm the exact models, fields, menus, and actions in scope, typical delivery is 2-4 weeks from confirmed scope. Timelines lengthen with more models and profiles, multi-company record rules, or integration and data-migration work, and we give you a schedule with your fixed quote.
Pricing starts from $249 as an indicative from-price for a single-company base scope. The final number depends on how many models, fields, and restriction profiles you need, multi-company complexity, localization depth, and any integrations. You get a fixed written quote after the scoping call — no charges begin until you approve that quote.
Every build includes a post-go-live support window for defect fixes and configuration questions. Because we hand over the git repository and full source, you own the code. We also offer optional ongoing support and paid version upgrades to keep the module current as you move between Odoo 17.0, 18.0, and 19.0.
Yes. The module is built on standard security primitives (res.groups, ir.model.access.csv, ir.rule) that exist in both editions and supports Odoo 17.0, 18.0, and 19.0. Where an Enterprise-only view or action is in your scope, we handle it as part of the build; we confirm your edition and version during scoping.
Enforced. Field and record restrictions are applied server-side in the ORM read/write path and via ir.rule domains, so they hold over the XML-RPC/JSON-RPC API, exports, and QWeb reports — not only in the screen. UI hiding is layered on top for a clean experience, but the security boundary is at the model level.
Yes. Alongside static group-based rules we can implement contextual restrictions using compute helpers and @api.depends — for example, making a field read-only once a document is confirmed, or blocking cancel after posting. We agree these conditional rules during scoping so behavior is explicit and testable.
We build restrictions through group membership and idempotent, version-aware data files rather than ad-hoc source edits, which is far more upgrade-friendly than hand-patching views. Major Odoo version jumps can still require a compatibility pass, which we can quote as an upgrade engagement when you move versions.
A build-to-order Odoo module that restricts menus, fields, buttons, and actions with granular model-level access controls and record rules. ECOSIRE scopes, builds, installs, and supports it for your Odoo 17/18/19 environment.