Odoo Users and Security

Overview

Odoo’s Users and Security features allow a business to manage multiple users with different roles, access levels, and permissions. Whether a business has a small team or is a large enterprise, it must define how each user interacts with the system.

Odoo’s security framework is designed to control access to data and features across different users and roles.

Odoo classifies each user as one of three types:

Internal Users – Employees or staff who access the system and perform business-related operations such as Purchase, Sales, Inventory, Accounting, HR, etc.

Portal Users – Customers or partners who have limited access to frontend data through their own portal account (e.g., customer portal).

Public Users – Anonymous users who browse the website.

Within the security framework, the following key controls define the access level of the system:

Groups & Access Rights – Define security groups and the access level for each feature, then assign these groups to each user; this controls that user’s access to modules and features.

Record Rules – Define access to specific records based on conditions.

Access Control List (ACL) – Defines, for a group, whether its members can create, read, write and delete records of a specific model. ACLs can be configured in Excel format, associated with each group, or configured directly via the user interface.

Field Level Security – Can be implemented and controlled via source code (custom code).

Audit Trails – Enable logging for each screen to capture change logs.
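Odoo modules ship the group-to-model ACLs described above as an ir.model.access.csv file. The following added example (not code from this page or from Odoo) parses that layout, computes a user's effective permissions as the union across their groups, and flags rows with no group that grant more than read. The model name, the manager group and all rows are constructed for illustration.

```python
import csv
import io

# Constructed sample in the ir.model.access.csv column layout.
# model_x_order and x_sales.group_manager are hypothetical names.
SAMPLE_ACL_CSV = """id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_order_user,order.user,model_x_order,base.group_user,1,1,1,0
access_order_manager,order.manager,model_x_order,x_sales.group_manager,1,1,1,1
access_order_portal,order.portal,model_x_order,base.group_portal,1,0,0,0
access_order_all,order.all,model_x_order,,1,1,1,1
"""

PERMS = ("perm_read", "perm_write", "perm_create", "perm_unlink")


def load_acl(text):
    """Parse ACL rows into dicts keyed by the CSV header."""
    return list(csv.DictReader(io.StringIO(text)))


def effective_perms(rows, model, user_groups):
    """ACLs are additive: a user holds the union of what each group grants."""
    granted = dict.fromkeys(PERMS, False)
    for row in rows:
        if row["model_id:id"] != model:
            continue
        group = row["group_id:id"].strip()
        # A row with an empty group applies to every user.
        if group == "" or group in user_groups:
            for perm in PERMS:
                granted[perm] = granted[perm] or row[perm].strip() == "1"
    return granted


def audit_global_grants(rows):
    """Return ids of group-less rows granting write, create or unlink."""
    return [r["id"] for r in rows
            if not r["group_id:id"].strip()
            and any(r[p].strip() == "1" for p in PERMS[1:])]
```

With the constructed sample, the group-less row gives a portal user delete rights that its own portal row withholds, which is what the audit function reports.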

Workflow

Key Features

  • Odoo helps create and manage multiple users who can access the system
  • Assign users multiple roles/groups, which define their access level
  • Users can be categorized as “Internal Users”, “Portal Users” and “Public Users”
  • Users can be deactivated at any time by the administrator when they no longer use the system or when they leave the organization
  • Centralized access control defines the permissions for modules and features
  • Records can be restricted to protect data from unauthorized users
  • Control the visibility of fields through custom code supported by Odoo
  • The multi-user and multi-company feature gives multiple users access to the data of multiple companies
  • Track user activities through the change log feature

Key Benefits

  • Micro level Access Control
  • Role-Based Security
  • Data Privacy & Protection
  • Multi-Company Support
  • Better Accountability
  • Customization flexibility
  • Better User Experience
  • Ease of Administration

User Management Features

  • Create Users
  • Define User Preferences
  • Define User Types
  • Activate/Deactivate Users
  • Map Group Access
  • Multiple Company & Branch Access
  • Set Password Reset Instructions
  • Change Password
  • Reset Password
  • 2Factor Authentication
  • Geo Location wise Login Control
  • Define IP Level Login Control
  • Login with OTP

Create Users

Overview

This helps the administrator create one or more users, map them to the required roles/groups, apply the required access levels and permissions, and finally send an invitation to the users to activate their accounts.

Process flow

Business Rules

  • Login ID should be unique
  • User needs to be defined as “Internal User”, “Portal User” or “Public User”
  • One user can have multiple roles assigned
  • Multiple users can have the same role assigned
  • One user can have one or more companies/branches assigned
  • Reset Password Instruction (Activation Link) should be sent to users once the user account is created
  • Activation link will expire 24 hours from the date and time the link is sent
  • Each user account can have its own language set
  • A default home screen can be set up for each user to view after login
  • Provision to set up the user’s own email signature
  • A digital signature can be added to the user account

Screenshots

Group/Roles With Access rights

Users With Access Group

Change Password

Overview

This helps users change their login password whenever required. This can be done either by the user or by an administrator.

Process flow

Change Password – By Admin

Change Password – By User

Business Rules

  • Users must log in to change their existing password
  • Users can change the password themselves or request the admin to change it
  • Admin can change a user’s password from the User screen
  • Users can change their password from User Preferences

Screenshots

Change Password through User Preference (Can be done by users by themselves)

Change Password through User Screen (Can be done by Admin)

Forget Password

Overview

Forget Password helps users reset their password if they forget the password of the application.

Process Flow

Business Rules

  • Only registered users can reset the password
  • Only active users can reset the password
  • The reset link can be sent only to the registered email
  • The outgoing mail server should be enabled to send the reset password link
  • The reset can be done within 24 hours of receiving the reset link; the link expires after that
  • Password can be any number of characters
  • After the reset, the system shows a success message to the user

Screenshots

2Factor Authentication (2FA)

Overview

Odoo’s Two Factor Authentication is a double authentication system that adds an extra layer of security by checking that the user logging in is authorized, through the following steps:

  • The login password is verified to ensure it is correct
  • The authentication code generated by a dedicated mobile app is verified (mobile number to be registered while enabling 2FA)

Process Flow

Business Rules

  • Two Factor Authentication can be configured by each user
  • Enabling Two Factor Authentication requires confirmation of the user’s login password
  • An authenticator app should be installed on the user’s mobile, and the QR code shown in Odoo should be scanned with it to add the account
  • The verification code generated in the authenticator app should be entered in Odoo to validate and enable Two Factor Authentication
  • The system validates the verification code and enables Two Factor Authentication
  • After this is enabled, the user must enter the verification code generated in the authenticator app into Odoo when they log in, to validate that the right user is logging in

Screenshots

Activate 2FA

User Password confirmation

Verification code Confirmation (Received from Microsoft Authenticator App)

Geo Location wise Login Control

Overview

Geo Location Login Control helps the system restrict each user’s login to their authorized geographical locations. The system won’t allow users to log in when they try to access Odoo from unauthorized geo locations.

Process Flow

Business Rules

  • The Login with Geo Location option should be enabled for each user to control their login
  • If Geo Location verification is not enabled, it is skipped and the user is allowed to log in directly
  • One user may have multiple Geo Locations enabled
  • If the Geo Location is valid at login, the system allows the user to log in when the credentials match
  • If the Geo Location does not match, the system denies the login even though the credentials match

Screenshots

Configure Geo Locations

Login Allowed from the configured Location

IP Address wise Login Control

Overview

IP Address Login Control helps the system restrict each user’s login to allowed IP addresses. The system won’t allow users to log in when they try to access Odoo from any unauthorized IP address.

Process Flow

Business Rules

  • The Login with IP Address option should be enabled for each user to control their login
  • If IP Address verification is not enabled, it is skipped and the user is allowed to log in directly
  • One user may have multiple IP Addresses enabled
  • If the IP Address is valid at login, the system allows the user to log in when the credentials match
  • If the IP Address does not match, the system denies the login even though the credentials match
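The business rules for Geo Location and IP Address login control share one decision shape, shown here as an added example that is not the module's own code. `LoginPolicy`, `login_decision` and the reason strings are hypothetical names; representing a location as a country code is an assumption, and accepting CIDR ranges goes beyond the single addresses the rules mention.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LoginPolicy:
    """Hypothetical per-user settings mirroring the business rules above."""
    ip_check_enabled: bool = False
    allowed_ips: list = field(default_factory=list)        # addresses or CIDR ranges
    geo_check_enabled: bool = False
    allowed_locations: set = field(default_factory=set)    # assumed: country codes


def _ip_allowed(remote_addr, allowed):
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # unparseable source address: fail closed
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    for entry in allowed:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def login_decision(credentials_ok, policy, remote_addr, location=None):
    """Return (allowed, reason). The reason is for the audit log only;
    the user should see one generic failure message in every denied case."""
    if not credentials_ok:
        return False, "bad_credentials"
    # A disabled check is skipped, as the rules state.
    if policy.ip_check_enabled and not _ip_allowed(remote_addr, policy.allowed_ips):
        return False, "ip_not_allowed"
    if policy.geo_check_enabled and location not in policy.allowed_locations:
        return False, "location_not_allowed"
    return True, "ok"
```

Behind a reverse proxy, the check is only meaningful if the application sees the real client address rather than the proxy's.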

Screenshots
