A build-to-order Odoo module that lets you restrict menus, fields, buttons, reports, views, and tabs per user or group from one control panel. ECOSIRE scopes, builds, installs, and supports it — it is not an instant download. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $799.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo module that lets you restrict menus, fields, buttons, reports, views, and tabs per user or group from one control panel. ECOSIRE scopes, builds, installs, and supports it — it is not an instant download.
Sem pagamento agora. Isto envia um pedido de orçamento à nossa equipe — responderemos por e-mail com preços e próximos passos.
Odoo ships with a capable security model — groups, ir.model.access.csv for CRUD at the model level, and record rules for row-level scoping — but most teams hit a wall the moment they need finer control. You cannot, out of the box, hide a specific button on a form for one department, blank out a sensitive field like a salary or cost price for a role, remove a single menu item without touching the group that grants the underlying access, or block a QWeb report from being printed by users who can still see the record. Admins end up cloning groups, hand-editing XML, and maintaining brittle overrides that break on every upgrade. Access intent lives in a dozen places, and nobody can answer "who can actually do what" without opening the database.
Central admin screen to define access rules per user or per security group, with additive union evaluation across a user's groups
Menu restriction that hides top-level and nested `ir.ui.menu` items without cloning or editing the group that grants the underlying model access
Field-level control: mark any field read-only or fully hidden, enforced server-side in the view architecture so values never reach the browser or RPC
Button locking for header and statusbar buttons (e.g. Confirm, Validate, Cancel) so restricted users see the record but cannot trigger the action
Notebook tab hiding on form views (e.g. Accounting, Other Info tabs) driven by user/group rules
View-type restriction to remove or lock specific list, form, kanban, pivot, or graph views for chosen roles
All In One Access Management is a productized module we build for you that consolidates access control into one administrator screen. From a single configuration model you restrict, per user or per security group, the pieces of the interface that Odoo's native tools leave exposed: top-level and nested menu items, individual fields (read-only or fully hidden), header and statusbar buttons, notebook tabs, list/form/kanban views, and QWeb report actions. Rules are additive and evaluated at render time, so a person in three groups gets the correct union of restrictions without you cloning a single group.
Technically, the module defines its own configuration models (models.Model) with a clean __manifest__.py declaring dependencies and data files, and enforces rules by extending the relevant _fields_view_get / view-arch pipeline for fields, tabs, buttons and views, layering ir.ui.menu visibility on top of Odoo's menu computation, and gating ir.actions.report execution for report locking. Sensitive-field hiding is applied server-side in the view architecture — not just CSS — so values are not shipped to the browser and cannot be read via the developer tools or the XML-RPC/JSON-RPC API by an unauthorized user. Access decisions are cached per user/group and invalidated on rule change to keep form rendering fast. Everything respects the existing ir.model.access.csv and record-rule layer rather than replacing it, and we keep an audit-friendly configuration so you can export exactly who is restricted from what. We support Odoo 17.0, 18.0, and 19.0, and adapt to Community or Enterprise (some Enterprise-only views and studio-generated fields need specific handling, which we cover during scoping).
Because this is build-to-order, nothing is auto-installed to your database on purchase. We start with a short scoping call to map your groups, the exact menus/fields/buttons/reports you want governed, and your Community-vs-Enterprise setup and edition. We then build against your version, deliver on a staging database for UAT, and go live only after you sign off — typical delivery is 2-4 weeks from confirmed scope. You receive the installable source, documentation, and a support window. Pricing starts from $799 (indicative, single-company base scope); wider rule matrices, multi-company access segregation, and integration with custom or third-party modules increase the quoted scope.
Owns the group and access model and is tired of cloning groups and hand-editing XML to hide one button or field. Wants one screen to manage menu, field, button, report, and tab restrictions that survives upgrades across 17/18/19.
Needs cost prices, margins, salaries, or vendor data hidden from staff who still must use the same forms, and needs certain reports locked from printing — without breaking those users' day-to-day access.
Must demonstrate segregation of duties and produce a defensible answer to 'who can view or do what' across the ERP, with an exportable restriction matrix rather than a database spelunking exercise.
Runs several companies in one Odoo database and needs access rules that differ by company and role, layered cleanly on top of existing record rules without a fragile web of custom groups.
Compre a licença em ecosire.com e baixe o ZIP do módulo All In One Access Management no painel da sua conta.
Extraia o ZIP em sua pasta de complementos personalizados do Odoo no servidor (ou faça upload via Aplicativos > Instalar do arquivo em Odoo.sh/runbot).
Ative o modo de desenvolvedor, abra Aplicativos, clique em Atualizar lista de aplicativos, procure por All In One Access Management e pressione Instalar.
Abra o novo menu, cole sua chave de licença ECOSIRE, conecte quaisquer credenciais externas (Shopify, Amazon, Stripe, etc.) e salve.
Execute o teste de conexão integrado, sincronize seus primeiros 10 registros e agende o cron recorrente. Entre em contato com o suporte se algo falhar.
| Critério | ECOSIRE | Construção personalizada | Concorrente | Odoo nativo |
|---|---|---|---|---|
| Menu / field / button / tab restriction per user or group | All governed from one admin screen, additive across groups | Achievable but you build and maintain each override yourself | Often covers menus and fields; button/tab/report support varies | |
| Report (QWeb) print/download locking | Gates `ir.actions.report` per user or group | Possible with bespoke action overrides you maintain | Sometimes offered, sometimes a separate add-on | |
| Enforcement depth | Server-side in view arch and report actions, not CSS-only | Depends entirely on how carefully you build it | Varies; some rely on client-side hiding | |
| Fit to your version and edition | Built for your 17/18/19, Community or Enterprise | Fully tailored, at full custom-build cost | Generic build; edge cases on your setup are your problem | |
| Upgrade and maintenance | Documented, git-handed-over, support window included | Your team owns all future upgrade breakage | Vendor updates on their schedule, not yours | |
| Audit / 'who can do what' visibility | Exportable restriction matrix | Only if you build reporting for it | Rarely provided | |
| Delivery model | Build-to-order, UAT on staging, sign-off then go-live | Full project from scratch | Instant download, self-install and self-support | |
| Indicative cost | From $799, fixed quote after scoping | Typically higher; full bespoke development | Low list price, no tailoring or support scope |
No. It is build-to-order. ECOSIRE scopes your exact requirements, builds the module against your Odoo version and edition, delivers it on a staging database for UAT, and installs to production only after you sign off. You receive the installable source and git repository at handover.
Typical delivery is 2-4 weeks from confirmed scope. The timeline depends on how many menus, fields, buttons, reports, and views you want governed, whether multi-company segregation is needed, and any integration with custom modules. We confirm dates after the scoping call.
Pricing starts from $799, which is indicative for a single-company base scope. After a short scoping call we issue a fixed written quote. Wider rule matrices, multi-company access segregation, deeper localization, and integration with custom or third-party modules increase the quoted scope.
Every engagement includes a post-go-live support window for defects and configuration help. We build for Odoo 17.0, 18.0, or 19.0; migrating your rules to a newer major version, or extending them to new modules later, is available as a follow-on engagement and quoted separately.
It is enforced server-side in the view architecture and, where relevant, at the report action, so hidden field values are not sent to the browser and cannot be retrieved by an unauthorized user through developer tools or the XML-RPC/JSON-RPC API. It is not a CSS-only cosmetic hide.
No. It layers on top of your `ir.model.access.csv` entries and record rules, adding UI-level restrictions (menus, fields, buttons, tabs, views, reports) that Odoo core does not expose per user or group. Your existing groups and rules keep working.
Yes, for 17.0, 18.0, and 19.0. Some Enterprise-only views and studio-generated fields need specific handling; we identify those during scoping and cover them in the build so the restrictions behave consistently on your edition.
A build-to-order Odoo module that lets you restrict menus, fields, buttons, reports, views, and tabs per user or group from one control panel. ECOSIRE scopes, builds, installs, and supports it — it is not an instant download.