A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $599.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call.
Keine Zahlung jetzt. Dies sendet eine Angebotsanfrage an unser Team – wir melden uns per E-Mail mit Preisen und nächsten Schritten.
Odoo security works, but configuring it is a developer job. To restrict a field, hide a smart button, or narrow which records a group can see, you normally hand-edit ir.model.access.csv, write ir.rule domains, and patch view arch with groups= attributes or attrs — all in XML and Python, redeployed through a module upgrade. Functional admins can set model-level CRUD and toggle group membership from Settings, but everything finer than that (per-field visibility, per-button access, own-records-only rules, hiding a specific sub-menu) requires touching source. That gap is where SMB teams either over-provision access they shouldn't, or wait on a developer for every small change.
Point-and-click editor over `ir.model.access` with a live permission matrix — set create/read/write/unlink per model per group and see effective rights update instantly
Visual `ir.rule` builder: compose record domains from a field/operator/value picker (own records `[('user_id','=',uid)]`, own team, own company) with no hand-written domains
Field-level visibility and read-only rules per group, applied via computed security groups injected into view arch at render time — original views are never edited or forked
Menu and sub-menu hiding per group driven from a tree view of the full `ir.ui.menu` hierarchy
Hide or disable header buttons, smart buttons, and object/action buttons per group without patching form XML
Restrict which window actions, server actions, and QWeb reports each group is allowed to launch
Granular Access Manager closes that gap with a UI-driven designer built on top of base and web. A permission matrix renders every model against every group so you can set create/read/write/unlink on ir.model.access with a click and see the resulting effective rights live. A visual ir.rule builder lets you compose record domains from a field/operator/value picker — "own records only" ([('user_id','=',uid)]), "own team", or "own company" — without hand-writing a domain or worrying about global vs groups evaluation. Field-level visibility and read-only rules are applied through computed security groups layered onto the view arch at render time, so you never edit or fork the original views. Menus and sub-menus are hidden from a tree of the full menu hierarchy; header buttons, smart buttons, and object/action buttons are hidden or disabled per group; and you can restrict which window actions, server actions, and QWeb reports a group is allowed to launch. Export, archive, duplicate, and Delete privileges are governed independently of raw unlink rights.
Everything you configure is written back as standard Odoo security records — ir.model.access, ir.rule, groups, and view extensions — so your access model survives module upgrades and is exportable as a clean data module. A Preview-as-user mode lets you impersonate a group and see exactly which menus, fields, and buttons that group will get before you save. A change diff log records every access modification with author, timestamp, and a before/after snapshot; any change reverts in one click, and full profiles export and import as XML. A conflict detector flags contradictory rules — for example one group granting read where a rule denies it — before they reach production.
Because this is a build-to-order product, ECOSIRE builds it for your database rather than shipping a generic download. After a short scoping call we confirm your Odoo edition (Community or Enterprise), target version (17.0, 18.0, or 19.0), the models and groups in scope, and any custom modules whose views and access need to be covered. We build against your actual model set, install and configure on a staging database, run UAT with your team, then deploy to production with a rollback plan and hand over the git repository. Typical delivery is 2-4 weeks from confirmed scope. Pricing starts from $599 (indicative, single-company base scope); broader coverage — multi-company record-rule isolation, large numbers of custom models, or deeper localization of access profiles — increases the quoted scope.
Owns day-to-day Odoo security but has no developer on staff. Needs to hide fields, restrict buttons, and scope records per group without raising a ticket or waiting on a partner for every small change.
Configures access as part of rollouts across multiple client databases. Wants a repeatable, UI-driven way to define profiles and export them as XML so the same access model promotes cleanly from dev to staging to production.
Responsible for segregation of duties and audit readiness. Needs a change diff log with author and timestamp, one-click revert, and a conflict detector so access decisions are documented and defensible.
Wants their team to see only their own or their team's records and to be blocked from delete, export, or archive actions — without those restrictions leaking to other departments.
Kaufen Sie die Lizenz auf ecosire.com und laden Sie die ZIP-Datei des Granular Access Manager-Moduls von Ihrem Konto-Dashboard herunter.
Extrahieren Sie die ZIP-Datei in Ihren Odoo-Ordner für benutzerdefinierte Add-ons auf dem Server (oder laden Sie sie über „Apps“ > „Aus Datei installieren“ auf Odoo.sh/Runbot hoch).
Aktivieren Sie den Entwicklermodus, öffnen Sie „Apps“, klicken Sie auf „Apps-Liste aktualisieren“, suchen Sie nach „Granular Access Manager“ und klicken Sie auf „Installieren“.
Öffnen Sie das neue Menü, fügen Sie Ihren ECOSIRE-Lizenzschlüssel ein, verbinden Sie alle externen Anmeldeinformationen (Shopify, Amazon, Stripe usw.) und speichern Sie.
Führen Sie den integrierten Verbindungstest aus, synchronisieren Sie Ihre ersten 10 Datensätze und planen Sie den wiederkehrenden Cron. Wenden Sie sich an den Support, wenn etwas fehlschlägt.
| Kriterium | ECOSIRE | Benutzerdefinierter Build | Konkurrent | Odoo Native |
|---|---|---|---|---|
| Field, button & menu restrictions | Point-and-click per group via computed security groups; no view edits | Hand-coded `groups=`/`attrs` in view XML per element | Often menu/model level only; field control limited | |
| Record-rule (ir.rule) authoring | Visual field/operator/value builder for own/team/company scopes | Domains written by hand in Python/XML | Some offer rule presets, rarely a full visual builder | |
| Preview-as-user before saving | Impersonate a group to see exact menus/fields/buttons live | Create a test user and log in separately to verify | Usually not included | |
| Audit trail of access changes | Diff log with author, timestamp, before/after snapshot | Only whatever git history the developer keeps | Rarely included | |
| Conflict / contradiction detection | Detector flags contradictory grant/deny rules pre-deploy | Discovered manually during testing | Typically absent | |
| Portability between databases | One-click profile export/import as XML; one-click revert | Manual data-module authoring | Varies; often no clean export | |
| Upgrade safety | Stored as standard security records; survives upgrades | Depends on discipline; forked views can break | Depends on vendor's approach | |
| Delivery & fit | Built for your models/groups, installed & supported by ECOSIRE | Bespoke but you own the maintenance burden | Generic download; may not fit custom models |
No. Granular Access Manager is build-to-order. ECOSIRE builds it for your specific Odoo database and model set, installs it on staging, and deploys to production after UAT. There is no instant apps.odoo.com download — you request a quotation and we build your version.
Typical delivery is 2-4 weeks from confirmed scope. The timeline depends on your Odoo version, edition, and how many custom models and groups need to be covered. We confirm a firm date after the scoping call.
Pricing starts from $599 as an indicative single-company base-scope figure. After a short scoping call — where we confirm your edition, version, models, and groups — we send a fixed quote. Drivers such as multi-company record isolation, large custom-model sets, or deeper localization increase the quoted scope.
Every build includes a post-go-live support window for defect fixes and configuration questions. Because all changes are stored as standard Odoo security records (`ir.model.access`, `ir.rule`, groups, view extensions), your access model is upgrade-friendly. We can also quote a version-migration when you move to a newer Odoo release.
It targets Odoo 17.0, 18.0, and 19.0, on both Community and Enterprise. It builds only on the `base` and `web` modules, so it does not depend on Enterprise-only apps. We build against the exact version and edition you run.
No. Configuration is written back as native Odoo security records rather than as hard-coded view edits, and field/button rules are applied through computed groups layered onto view arch at render time — original views are never forked. Your access profiles are also exportable as an XML data module for safe re-application.
Yes. Full profiles export and import as XML, so you can define access on a development or staging database and promote the exact same configuration to production. The change diff log and conflict detector help you verify each profile before it goes live.
A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call.