A build-to-order Odoo access-control layer that adds field-level permissions, role-based profiles, and granular record rules on top of Odoo's native security model. ECOSIRE scopes, builds, installs, and supports it for your exact org structure. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $599.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo access-control layer that adds field-level permissions, role-based profiles, and granular record rules on top of Odoo's native security model. ECOSIRE scopes, builds, installs, and supports it for your exact org structure.
Aucun paiement maintenant. Ceci envoie une demande de devis à notre équipe — nous vous recontacterons par e-mail avec les tarifs et les prochaines étapes.
Most teams hit the same wall as their Odoo footprint grows: the native security model gives you ir.model.access.csv (create/read/write/unlink per group) and record rules for row-level scoping, but it has no concept of hiding or read-only-ing an individual field by role, no reusable "permission profile" you can assign to a job function, and no built-in audit trail of who changed what access when. So sensitive data — supplier cost prices, salary fields on hr.employee, bank details on res.partner, margins on sale lines — ends up visible to anyone with model access, and access design drifts into a sprawl of one-off groups that nobody can reason about at audit time. This is a real governance and compliance gap, not a cosmetic one.
Field-level access policies per model and field with view / edit / deny modes, enforced server-side via ORM `read`, `write`, and `fields_get` overrides — not just UI hiding
Role / permission-profile abstraction that bundles model ACLs, record rules, field policies, menu visibility, and export rights into one assignable unit
Dynamic view adaptation: injects computed `readonly` and `invisible` modifiers into form/list/kanban XML so restricted fields never render for unauthorized users
QWeb report masking so field-level restrictions also apply to printed PDFs and downloadable reports, not only on-screen views
Programmatic generation of `ir.rule` record rules from role definitions for row-level scoping (own records, team, company, custom domains)
Menu, action, and button visibility control tied to roles, keeping restricted workflows out of the UI entirely for unentitled users
Advance Access Management is a build-to-order module ECOSIRE designs and builds for your instance to close that gap. At its core it introduces a field-level access layer: per model and per field, you define which roles can view, edit, or are denied a field, enforced both server-side (via ORM read/write/fields_get overrides and computed readonly/invisible modifiers injected into views) and reflected in the UI (XML/OWL view adaptation and QWeb report masking) so restricted data never reaches an unauthorized user's browser or PDF. On top of that we build a role/permission-profile abstraction — a role bundles model ACLs, record rules, field policies, menu and action visibility, and export/import rights into one assignable unit, so onboarding a new "Warehouse Supervisor" or "AP Clerk" is one assignment instead of a dozen group toggles.
Technically this is delivered as a clean, dependency-declared module: new models (models.Model with fields, @api.depends computes, and @api.constrains guards) hold the role and field-policy definitions; the enforcement rides on ORM method overrides and dynamically generated ir.rule records rather than monkey-patching, so upgrades stay safe. Automated actions and server actions can react to access events, an audit log model captures every access-relevant change with user, timestamp, and old/new values, and the whole policy surface is reachable over XML-RPC/JSON-RPC for provisioning from your IdP or HR system. We respect Community vs Enterprise boundaries — nothing depends on Enterprise-only modules unless your instance already runs them — and we build against your target series among Odoo 17.0, 18.0, and 19.0.
Because it is build-to-order, nothing ships until we agree on scope. It starts with a short scoping call to map your roles, the models and fields that matter, and your compliance requirements; we then confirm a fixed quote, build on a staging copy of your database, run UAT with your team, and cut over with a rollback plan. Typical delivery is 2–4 weeks from confirmed scope. You receive the full installable source and the git repository — this is your module, not a rented black box.
Pricing starts from $599 (indicative, single-company base scope); multi-company rule sets, deeper field coverage across many models, IdP/HR provisioning integrations, and localization or migration of existing group structures increase the quoted scope. We give you a firm fixed quote after the scoping call — never a surprise on delivery.
Owns the instance and is drowning in one-off security groups. Needs reusable role profiles, an effective-permission viewer, and a way to grant onboarding access in one assignment instead of a dozen toggles — without hand-editing ir.model.access.csv every time.
Answerable to auditors for segregation of duties and data access. Needs field-level restriction on sensitive data (salaries, costs, bank details), an immutable audit trail of access changes, and a clear report of who can see what.
Runs a department where clerks must process records without seeing margins, cost prices, or colleagues' pay. Needs field-level read/edit control and export gating so day-to-day work continues while sensitive fields stay masked.
Runs Odoo across several companies and wants consistent, provisioning-driven access governance. Needs multi-company-aware roles and XML-RPC/JSON-RPC hooks to sync entitlements from an IdP or HR system.
Achetez la licence sur ecosire.com et téléchargez le module ZIP Advance Access Management depuis le tableau de bord de votre compte.
Extrayez le ZIP dans votre dossier de modules complémentaires personnalisés Odoo sur le serveur (ou téléchargez-le via Applications > Installer à partir du fichier sur Odoo.sh / runbot).
Activez le mode développeur, ouvrez les applications, cliquez sur Mettre à jour la liste des applications, recherchez Advance Access Management et appuyez sur Installer.
Ouvrez le nouveau menu, collez votre clé de licence ECOSIRE, connectez toutes les informations d'identification externes (Shopify, Amazon, Stripe, etc.) et enregistrez.
Exécutez le test de connexion intégré, synchronisez vos 10 premiers enregistrements et planifiez le cron récurrent. Contactez le support si quelque chose échoue.
| Critère | ÉCOSIRE | Construction personnalisée | Concurrent | Odoo natif |
|---|---|---|---|---|
| Field-level access (per field, per role) | Built in: view / edit / deny enforced at ORM and view layer | Possible but you design and maintain the enforcement yourself | Varies; often UI-only hiding that data can bypass | |
| Reusable role / permission profiles | Roles bundle ACLs, rules, field policies, menus in one unit | Whatever you choose to build; usually ad-hoc | Sometimes offered, rarely tailored to your job functions | |
| Audit trail of access changes | Immutable log with user, timestamp, old/new values | Only if you scope and build it | Rarely included or limited | |
| Fit to your org structure | Scoped to your exact roles, models, and compliance needs | Fully bespoke but you carry the design burden | Generic; you adapt your process to the app | |
| PDF / export enforcement | QWeb masking + export gating server-side | Must be built and tested per report | Often missing — restrictions stop at the screen | |
| Ownership and maintainability | Full source + git repo handover; clean, upgrade-safe module | You own it, but quality depends on the builder | Vendor-locked black box; limited source visibility | |
| Support and delivery | Scoping call, UAT on staging, rollback plan, support window | Depends on your team or contractor availability | Ticket-based, no tailoring to your instance | |
| Version coverage | Built for your target: Odoo 17.0, 18.0, or 19.0 | Whatever you build for | May lag latest series or force upgrades |
No. Advance Access Management is build-to-order: ECOSIRE designs, builds, installs, and supports it for your specific Odoo instance and org structure. It is not an existing apps.odoo.com download, so there is no instant-download link. You get the full source and git repository once it is built for you.
Typical delivery is 2–4 weeks from confirmed scope. The timeline starts once we have completed the scoping call, agreed the roles/fields/models in play, and you have approved the fixed quote. Larger scopes — many models, multi-company, or IdP provisioning — sit toward the upper end or are staged into phases.
Pricing starts from $599 as an indicative figure for a single-company base scope. It is not a fixed price: after a short scoping call we send a firm fixed quote reflecting your actual field coverage, number of roles, multi-company needs, integrations, and any migration of existing groups. You approve the quote before we build.
Native security handles model-level ACLs (`ir.model.access.csv`) and row-level record rules well, but it has no field-level view/edit/deny by role, no reusable role profiles, and no built-in audit trail. This module adds that layer on top of the native model — it complements Odoo core rather than replacing it.
We build and test against Odoo 17.0, 18.0, and 19.0, on both Community and Enterprise. The module declares clean dependencies in `__manifest__.py` and does not require Enterprise-only modules unless your instance already runs them. Tell us your version and edition on the scoping call.
Every build includes a post-go-live support window for bug fixes and access-policy adjustments. Because you receive the full source and git repository, you can also maintain it yourself. We offer ongoing support and upgrade-to-next-version engagements as a separate agreement when you want us to keep it current.
No. Enforcement is server-side at the ORM layer, so restrictions apply to on-screen views, list-view exports, and QWeb PDF reports alike. We also gate the bulk-export action so a user with read access can still be blocked from exporting sensitive datasets.

A build-to-order 2Checkout (Verifone) payment integration for ERPNext, giving global digital-goods sellers card acceptance, 45+ local payment methods, multi-currency checkout, and reconciled invoices. ECOSIRE scopes, builds, installs, and supports it on your ERPNext v15/v16 instance.

A build-to-order 2Checkout / Verifone payment gateway for Magento 2 and Adobe Commerce: localized checkout in 12 languages, iDEAL, Giropay and regional methods, multi-currency global selling, subscription billing and tax/invoicing automation — engineered, installed and supported by ECOSIRE.

A build-to-order ERPNext application for anonymous 360-degree reviews — configurable peer, manager, report and self rater groups, weighted competency scoring, and aggregated gap-analysis and heatmap reports. ECOSIRE scopes, builds, installs and supports it on your Frappe/ERPNext v15/v16 instance.
A build-to-order Odoo access-control layer that adds field-level permissions, role-based profiles, and granular record rules on top of Odoo's native security model. ECOSIRE scopes, builds, installs, and supports it for your exact org structure.