A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call. Built to order by ECOSIRE for Odoo 17, 18, 19 — indicative price from $599.00 USD; request a quote for a scoped proposal.

A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call.
现在无需付款。此操作会向我们的团队发送报价请求——我们会通过邮件跟进价格和后续步骤。
Odoo security works, but configuring it is a developer job. To restrict a field, hide a smart button, or narrow which records a group can see, you normally hand-edit ir.model.access.csv, write ir.rule domains, and patch view arch with groups= attributes or attrs — all in XML and Python, redeployed through a module upgrade. Functional admins can set model-level CRUD and toggle group membership from Settings, but everything finer than that (per-field visibility, per-button access, own-records-only rules, hiding a specific sub-menu) requires touching source. That gap is where SMB teams either over-provision access they shouldn't, or wait on a developer for every small change.
Point-and-click editor over `ir.model.access` with a live permission matrix — set create/read/write/unlink per model per group and see effective rights update instantly
Visual `ir.rule` builder: compose record domains from a field/operator/value picker (own records `[('user_id','=',uid)]`, own team, own company) with no hand-written domains
Field-level visibility and read-only rules per group, applied via computed security groups injected into view arch at render time — original views are never edited or forked
Menu and sub-menu hiding per group driven from a tree view of the full `ir.ui.menu` hierarchy
Hide or disable header buttons, smart buttons, and object/action buttons per group without patching form XML
Restrict which window actions, server actions, and QWeb reports each group is allowed to launch
Granular Access Manager closes that gap with a UI-driven designer built on top of base and web. A permission matrix renders every model against every group so you can set create/read/write/unlink on ir.model.access with a click and see the resulting effective rights live. A visual ir.rule builder lets you compose record domains from a field/operator/value picker — "own records only" ([('user_id','=',uid)]), "own team", or "own company" — without hand-writing a domain or worrying about global vs groups evaluation. Field-level visibility and read-only rules are applied through computed security groups layered onto the view arch at render time, so you never edit or fork the original views. Menus and sub-menus are hidden from a tree of the full menu hierarchy; header buttons, smart buttons, and object/action buttons are hidden or disabled per group; and you can restrict which window actions, server actions, and QWeb reports a group is allowed to launch. Export, archive, duplicate, and Delete privileges are governed independently of raw unlink rights.
Everything you configure is written back as standard Odoo security records — ir.model.access, ir.rule, groups, and view extensions — so your access model survives module upgrades and is exportable as a clean data module. A Preview-as-user mode lets you impersonate a group and see exactly which menus, fields, and buttons that group will get before you save. A change diff log records every access modification with author, timestamp, and a before/after snapshot; any change reverts in one click, and full profiles export and import as XML. A conflict detector flags contradictory rules — for example one group granting read where a rule denies it — before they reach production.
Because this is a build-to-order product, ECOSIRE builds it for your database rather than shipping a generic download. After a short scoping call we confirm your Odoo edition (Community or Enterprise), target version (17.0, 18.0, or 19.0), the models and groups in scope, and any custom modules whose views and access need to be covered. We build against your actual model set, install and configure on a staging database, run UAT with your team, then deploy to production with a rollback plan and hand over the git repository. Typical delivery is 2-4 weeks from confirmed scope. Pricing starts from $599 (indicative, single-company base scope); broader coverage — multi-company record-rule isolation, large numbers of custom models, or deeper localization of access profiles — increases the quoted scope.
Owns day-to-day Odoo security but has no developer on staff. Needs to hide fields, restrict buttons, and scope records per group without raising a ticket or waiting on a partner for every small change.
Configures access as part of rollouts across multiple client databases. Wants a repeatable, UI-driven way to define profiles and export them as XML so the same access model promotes cleanly from dev to staging to production.
Responsible for segregation of duties and audit readiness. Needs a change diff log with author and timestamp, one-click revert, and a conflict detector so access decisions are documented and defensible.
Wants their team to see only their own or their team's records and to be blocked from delete, export, or archive actions — without those restrictions leaking to other departments.
在 ecosire.com 上购买许可证并从您的帐户仪表板下载 Granular Access Manager 模块 ZIP。
将 ZIP 解压到服务器上的 Odoo 自定义插件文件夹中(或通过“应用程序”>“从 Odoo.sh / runbot 上的文件安装”上传)。
激活开发者模式,打开应用程序,单击更新应用程序列表,搜索 Granular Access Manager,然后按安装。
打开新菜单,粘贴您的 ECOSIRE 许可证密钥,连接任何外部凭据(Shopify、Amazon、Stripe 等),然后保存。
运行内置连接测试,同步前 10 条记录,并安排定期 cron。如果出现任何问题,请联系支持人员。
| 标准 | 伊科西尔 | 定制建造 | 竞争对手 | 奥杜本机 |
|---|---|---|---|---|
| Field, button & menu restrictions | Point-and-click per group via computed security groups; no view edits | Hand-coded `groups=`/`attrs` in view XML per element | Often menu/model level only; field control limited | |
| Record-rule (ir.rule) authoring | Visual field/operator/value builder for own/team/company scopes | Domains written by hand in Python/XML | Some offer rule presets, rarely a full visual builder | |
| Preview-as-user before saving | Impersonate a group to see exact menus/fields/buttons live | Create a test user and log in separately to verify | Usually not included | |
| Audit trail of access changes | Diff log with author, timestamp, before/after snapshot | Only whatever git history the developer keeps | Rarely included | |
| Conflict / contradiction detection | Detector flags contradictory grant/deny rules pre-deploy | Discovered manually during testing | Typically absent | |
| Portability between databases | One-click profile export/import as XML; one-click revert | Manual data-module authoring | Varies; often no clean export | |
| Upgrade safety | Stored as standard security records; survives upgrades | Depends on discipline; forked views can break | Depends on vendor's approach | |
| Delivery & fit | Built for your models/groups, installed & supported by ECOSIRE | Bespoke but you own the maintenance burden | Generic download; may not fit custom models |
No. Granular Access Manager is build-to-order. ECOSIRE builds it for your specific Odoo database and model set, installs it on staging, and deploys to production after UAT. There is no instant apps.odoo.com download — you request a quotation and we build your version.
Typical delivery is 2-4 weeks from confirmed scope. The timeline depends on your Odoo version, edition, and how many custom models and groups need to be covered. We confirm a firm date after the scoping call.
Pricing starts from $599 as an indicative single-company base-scope figure. After a short scoping call — where we confirm your edition, version, models, and groups — we send a fixed quote. Drivers such as multi-company record isolation, large custom-model sets, or deeper localization increase the quoted scope.
Every build includes a post-go-live support window for defect fixes and configuration questions. Because all changes are stored as standard Odoo security records (`ir.model.access`, `ir.rule`, groups, view extensions), your access model is upgrade-friendly. We can also quote a version-migration when you move to a newer Odoo release.
It targets Odoo 17.0, 18.0, and 19.0, on both Community and Enterprise. It builds only on the `base` and `web` modules, so it does not depend on Enterprise-only apps. We build against the exact version and edition you run.
No. Configuration is written back as native Odoo security records rather than as hard-coded view edits, and field/button rules are applied through computed groups layered onto view arch at render time — original views are never forked. Your access profiles are also exportable as an XML data module for safe re-application.
Yes. Full profiles export and import as XML, so you can define access on a development or staging database and promote the exact same configuration to production. The change diff log and conflict detector help you verify each profile before it goes live.
A build-to-order Odoo access-control designer that lets administrators hide or restrict any menu, field, button, action, or record per user group from a point-and-click UI — no XML or Python. ECOSIRE builds, installs, and supports it for your database after a scoping call.