A build-to-order Odoo module that records every action on your Documents — create, edit, share, lock, split, download and e-sign — into a tamper-evident audit trail with dashboards and automated follow-up. ECOSIRE scopes, builds, installs and supports it for Odoo 17, 18 or 19. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $249.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo module that records every action on your Documents — create, edit, share, lock, split, download and e-sign — into a tamper-evident audit trail with dashboards and automated follow-up. ECOSIRE scopes, builds, installs and supports it for Odoo 17, 18 or 19.
Aucun paiement maintenant. Ceci envoie une demande de devis à notre équipe — nous vous recontacterons par e-mail avec les tarifs et les prochaines étapes.
Odoo Documents and Sign are excellent at moving files through your business, but they are weak at answering the auditor's question: who did what, to which document, and when. The mail thread on a documents.document captures some field changes and messages, but it does not give you a single, queryable log of downloads, share-link access, folder moves, lock/unlock events, split operations, or the lifecycle of an e-signature request. When a compliance officer needs to prove a controlled document was never altered after approval — or find every user who downloaded a confidential contract — they end up stitching evidence together from mail.message, mail.tracking.value, server logs and the Sign module by hand. Odoo native simply was not built to be your document forensics system.
Append-only `document.audit.log` model with normalized `event_type`, `user_id`, `document_id`, `res_model`/`res_id`, timestamp and JSON `payload` of changed field values
Capture of create, write, share, lock/unlock, folder-move, split, archive and download events on `documents.document` via ORM overrides and targeted hooks
Controller-level download and share-link capture so actual file access — not just UI button clicks — is recorded, with source IP where the request exposes it
Full e-signature lifecycle tracking against `sign.request`/`sign.request.item`: sent, viewed, signed, declined and completed, with signer identity and per-field status
Record rules + `ir.model.access.csv` that make the log write-through-only, so history cannot be silently edited in place — tamper-evident by design
OWL/QWeb dashboard with activity-by-user, activity-by-document and activity-by-folder views plus KPI tiles
This module gives Documents a dedicated, immutable audit backbone. We add a document.audit.log model (models.Model) that captures a normalized event stream — event_type (create, write, share, lock, split, download, esign_sent, esign_signed, esign_declined), user_id, document_id, timestamp, source IP where available, and a JSON payload of changed values. Events are captured close to the source: write()/create() overrides and targeted hooks on documents.document, controller-level capture for actual file downloads and share-link hits (not just button clicks), and listeners on sign.request/sign.request.item so every signature field event is tracked with the signer and status. Records are append-only and protected by ir.model.access.csv plus record rules so that even administrators write through the API rather than editing history in place, keeping the trail defensible.
On top of that stream sits an OWL/QWeb dashboard: activity by user, by document and by folder, with drill-down into any single document's full timeline. Filters and group-bys let compliance officers slice by date range, event type, user or workspace, and every view is exportable — CSV/XLSX for spreadsheets and a branded QWeb PDF audit report for evidence packs. Because the log is a normal Odoo model, it is fully reachable over the XML-RPC/JSON-RPC API, so your GRC tooling or SIEM can pull events on a schedule. Finally, Odoo base.automation automated actions turn the log into a control system: a download of a restricted document can raise a mail.activity follow-up, an out-of-policy edit can open a helpdesk ticket or notify a reviewer, and an unsigned request past its deadline can escalate — all configured, not coded, once we wire the triggers.
Because this is build-to-order, you are not downloading a fixed package and hoping it fits. After a short scoping call we confirm exactly which events matter to you, which folders/document types are in scope, your retention rules, and which follow-up workflows to automate. We then build the module against your Odoo edition and version (17.0, 18.0 or 19.0; Community or Enterprise — noting that Documents and Sign are Enterprise apps), test it on a staging copy of your database, run UAT with your team, and deploy with a rollback plan. Typical delivery is 2–4 weeks from confirmed scope. You receive the full source, the git repository, documentation and training, plus a post-go-live support window.
Needs a single defensible source of truth for who accessed, changed or signed which document, and exportable evidence packs on demand — without stitching together mail threads and server logs by hand.
Runs controlled documents under ISO/GxP-style regimes and must prove that approved files were not altered afterward, that access is restricted, and that deviations trigger a follow-up action.
Owns the Odoo instance and wants event capture that survives upgrades, respects the security model, exposes a clean API for the SIEM, and is delivered as maintainable source rather than a black box.
Needs to demonstrate accountability over confidential contracts and personal data — who downloaded what, retention enforcement, and traceable e-signature workflows — for regulators and clients.
Achetez la licence sur ecosire.com et téléchargez le module ZIP Document Audit Log & Dashboard depuis le tableau de bord de votre compte.
Extrayez le ZIP dans votre dossier de modules complémentaires personnalisés Odoo sur le serveur (ou téléchargez-le via Applications > Installer à partir du fichier sur Odoo.sh / runbot).
Activez le mode développeur, ouvrez les applications, cliquez sur Mettre à jour la liste des applications, recherchez Document Audit Log & Dashboard et appuyez sur Installer.
Ouvrez le nouveau menu, collez votre clé de licence ECOSIRE, connectez toutes les informations d'identification externes (Shopify, Amazon, Stripe, etc.) et enregistrez.
Exécutez le test de connexion intégré, synchronisez vos 10 premiers enregistrements et planifiez le cron récurrent. Contactez le support si quelque chose échoue.
| Critère | ÉCOSIRE | Construction personnalisée | Concurrent | Odoo natif |
|---|---|---|---|---|
| Event coverage | Create, edit, share, lock, split, download and full e-sign lifecycle in one log | Whatever you have time to build and maintain | Usually a subset — often field changes only, no download/e-sign capture | |
| Download & share-link tracking | Controller-level capture of real file access, with source IP where available | Possible but easy to miss the real download path | Rarely captured; typically UI-click level only | |
| E-signature events | Sent/viewed/signed/declined per signer, tied into the same trail | Separate integration work against `sign.request` | Usually out of scope of a Documents audit add-on | |
| Tamper resistance | Append-only, write-through record rules; optional hash-chaining | Depends entirely on how it's coded | Often editable by admins | |
| Dashboard & reporting | OWL dashboard + per-document timeline + CSV/XLSX + QWeb PDF evidence pack | Build every view yourself | Basic list view; limited export | |
| Follow-up automation | `base.automation` triggers activities, tickets and escalations on flagged events | Wire each automated action manually | Seldom included | |
| Fit & version match | Built for your exact edition and 17/18/19 version, scoped to your policies | Fully bespoke but you carry all the effort and risk | Generic; may lag your Odoo version | |
| Ownership & support | Full source + git handover, docs, training, post-go-live support window | You own it and you maintain it | Vendor-locked; support varies |
This is a build-to-order module, not an instant download. Typical delivery is 2–4 weeks from confirmed scope — the clock starts once we've agreed on the events to capture, the folders/document types in scope, retention rules and the follow-up workflows to automate. Tighter or broader scopes shift that range, and we confirm a firm timeline in writing after the scoping call.
The audit-log engine and dashboard can run on either edition. However, the Documents app and the Sign (e-signature) app are Odoo Enterprise features, so download/share and e-sign event tracking require Enterprise. On Community we can still audit attachments and other document-bearing models — we confirm exactly what's feasible for your setup during scoping.
We build against Odoo 17.0, 18.0 or 19.0 — you tell us your version and edition and we target it specifically, including matching the correct Documents and Sign model APIs for that release. We don't ship one generic package; the module is compiled and tested for your environment.
Yes. We capture at the controller level where the actual file bytes are served and where share links are resolved, so an audited download reflects real access rather than a UI interaction. Where the request exposes it, we also record the source IP. The exact capture points are confirmed for your version during the build.
It's tamper-evident and append-only by design. Access rights via `ir.model.access.csv` and record rules make the log write-through-only, so no one — including administrators — edits history in place through the UI. All events funnel through controlled create paths. For stricter regimes we can add hash-chaining or periodic exports to external immutable storage as part of scope.
We use Odoo's `base.automation` automated actions on the log so defined events drive real actions — raising a `mail.activity` to a reviewer, opening a helpdesk ticket, or emailing a compliance officer. Rules are configurable (for example, any download from a restricted folder, or an edit after approval), so you adjust policy without new code once the triggers are wired.
Every engagement includes a post-go-live support window for bug fixes and configuration tweaks. Because we hand over the full git repository, your team can extend it independently, and we offer ongoing maintenance and version-upgrade work (for example, when you move from Odoo 18 to 19) as a separate agreement.
A build-to-order Odoo module that records every action on your Documents — create, edit, share, lock, split, download and e-sign — into a tamper-evident audit trail with dashboards and automated follow-up. ECOSIRE scopes, builds, installs and supports it for Odoo 17, 18 or 19.