{"id":26418,"date":"2025-08-13T10:48:21","date_gmt":"2025-08-13T10:48:21","guid":{"rendered":"https:\/\/tenthplanet.in\/odoo\/?p=26418"},"modified":"2025-10-27T09:15:49","modified_gmt":"2025-10-27T09:15:49","slug":"odoo-users-and-security","status":"publish","type":"post","link":"https:\/\/tenthplanet.in\/odoo\/product\/odoo-users-and-security\/","title":{"rendered":"Odoo Users and Security"},"content":{"rendered":"\n

Overview<\/strong><\/p>\n\n\n\n

Odoo Users and Security features allow business to manage multiple users with different roles, access levels, and permissions. Whether a business handling a small team or a large enterprise, it must define how each user interacts with the system.<\/p>\n\n\n\n

Odoo\u2019s security framework is designed to control access to data and features<\/strong> across different users and roles.<\/p>\n\n\n\n

Odoo defines each user either with 3 different types<\/p>\n\n\n\n

Internal Users<\/strong> \u2013 Employees or staffs who accesses the system and do business related operations such as  Purchase, Sales, Inventory, Accounting , HR etc.,<\/p>\n\n\n\n

Portal Users<\/strong> \u2013 Customers or partners who have limited access to frontend data through their own portal account (e.g., customer portal).<\/p>\n\n\n\n

Public Users<\/strong> \u2013 will be treated as anonymous users who browse the website<\/p>\n\n\n\n

As far as security frameworks are concerned, the following are the key controls to define the access level of the system<\/p>\n\n\n\n

Groups & Access Rights \u2013 <\/strong>Define the Security Group and access level of each feature and assign these groups to each user which controls the access to modules and features for \u200bthat user.<\/p>\n\n\n\n

Record Rules \u2013 <\/strong>Defines the access of specific records based on conditions<\/p>\n\n\n\n

Access control List (ACL) \u2013 <\/strong>Defines the access control list to a group which controls the group to create, read, write and delete records of a specific model. These can be configured in excel format which will be associated with each group or directly configured via User Interface<\/p>\n\n\n\n

Field Level Security \u2013 <\/strong>These can be Implemented and controlled via source code (custom code)<\/p>\n\n\n\n

Audit Trails –<\/strong> This enables logging for each of the screens to capture change logs<\/p>\n\n\n\n

 Workflow<\/strong><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Key Features<\/strong><\/p>\n\n\n\n

    \n
  • Odoo helps to create and manage multiple users who can access the system<\/li>\n\n\n\n
  • Assign users with Multiple roles \/ Groups which defines their access level<\/li>\n\n\n\n
  • Users can be categorized as \u201cInternal Users<\/strong>\u201d, \u201cPortal Users<\/strong>\u201d and \u201cPublic users<\/strong>\u201d<\/li>\n\n\n\n
  • Users can be deactivated any time by the administrator when they no longer to use the system or upon his\/her exit from the organization<\/li>\n\n\n\n
  • Centralized Access Control which defines the permissions for Modules and features<\/li>\n\n\n\n
  • Restriction of Records to the users    to protect the data from unauthorized users<\/li>\n\n\n\n
  • Control the Visibility of fields through custom code supported by odoo<\/li>\n\n\n\n
  • Multi User and Multi company Feature helps to provide the accessibility of multi company\u2019s data to multi users<\/li>\n\n\n\n
  • Track the user activities through capturing change log feature<\/li>\n<\/ul>\n\n\n\n

     Key Benefits<\/strong><\/p>\n\n\n\n

      \n
    • Micro level Access Control<\/li>\n\n\n\n
    • Role-Based Security<\/li>\n\n\n\n
    • Data Privacy & Protection<\/li>\n\n\n\n
    • Multi-Company Support<\/li>\n\n\n\n
    • Better Accountability<\/li>\n\n\n\n
    • Customization flexibility<\/li>\n\n\n\n
    • Better User Experience<\/li>\n\n\n\n
    • Ease of Administration<\/li>\n<\/ul>\n\n\n\n

      User Management Features<\/strong><\/p>\n\n\n\n

        \n
      • Create Users<\/li>\n\n\n\n
      • Define User Preferences<\/li>\n\n\n\n
      • Define User Types<\/li>\n\n\n\n
      • Activate\/Deactivate Users<\/li>\n\n\n\n
      • Map Group Access<\/li>\n\n\n\n
      • Multiple Company & Branch Access<\/li>\n\n\n\n
      • Set Password Reset Instructions<\/li>\n\n\n\n
      • Change Password<\/li>\n\n\n\n
      • Reset Password<\/li>\n\n\n\n
      • 2Factor Authentication<\/li>\n\n\n\n
      • Geo Location wise Login Control<\/li>\n\n\n\n
      • Define IP Level Login Control<\/li>\n\n\n\n
      • Login with OTP<\/li>\n<\/ul>\n\n\n\n

        Create Users<\/strong><\/h2>\n\n\n\n

        Overview<\/strong><\/p>\n\n\n\n

        This helps Administrator to create one or more users, map them with required roles\/groups and apply the required access levels and permissions and finally send the invitation to users to activate the account<\/p>\n\n\n\n

        Process flow<\/strong><\/p>\n\n\n\n

        \"\"\/<\/figure>\n\n\n\n

        Business Rules<\/strong><\/p>\n\n\n\n

          \n
        • Login ID should be unique<\/li>\n\n\n\n
        • User needs to be defined as \u201cInternal User\u201d or \u201dPortal User\u201d or \u201cPublic User\u201d<\/li>\n\n\n\n
        • One User can have multiple Roles assigned<\/li>\n\n\n\n
        • Multiple users can have same role assigned<\/li>\n\n\n\n
        • One user can have one or more companies \/ Branches assigned<\/li>\n\n\n\n
        • Reset Password Instruction (Activation Link) should be sent to users once user account is created.<\/li>\n\n\n\n
        • Activation link will expire in 24 hours from the date & time of sending the Link<\/li>\n\n\n\n
        • Own Language can be set for each user account<\/li>\n\n\n\n
        • Default Home screen can be setup for each user to view after their login<\/li>\n\n\n\n
        • Provision to setup user\u2019s own email signature<\/li>\n\n\n\n
        • Adding Digital Signature to the user account<\/li>\n<\/ul>\n\n\n\n

          Screenshots<\/strong><\/p>\n\n\n\n

          Group\/Roles With Access rights<\/strong><\/p>\n\n\n\n

          \"\"\/<\/figure>\n\n\n\n

          Users With Access Group<\/strong><\/p>\n\n\n\n

          \"\"\/<\/figure>\n\n\n\n

          Change Password<\/strong><\/h2>\n\n\n\n

          Overview<\/strong><\/p>\n\n\n\n

          This helps user to change their login password whenever required. This can be done either by user or by the administrators<\/p>\n\n\n\n

          Process flow<\/strong><\/p>\n\n\n\n

          Change Password \u2013 By Admin<\/strong><\/p>\n\n\n\n

          \"\"\/<\/figure>\n\n\n\n

          Change Password \u2013 By User<\/strong><\/p>\n\n\n\n

          \"\"\/<\/figure>\n\n\n\n

          Business Rules<\/strong><\/p>\n\n\n\n

            \n
          • User must login to change their existing password<\/li>\n\n\n\n
          • Change password can be done by own or request admin to change the password<\/li>\n\n\n\n
          • Admin can change user\u2019s Password from User Screen<\/li>\n\n\n\n
          • Users can change their password from User Preferences<\/li>\n<\/ul>\n\n\n\n

            Screenshots<\/strong><\/p>\n\n\n\n

            Change Password through User Preference (Can be done by users by themselves)<\/strong><\/p>\n\n\n\n

            \"\"\/<\/figure>\n\n\n\n

            Change Password through User Screen (Can be done by Admin)<\/strong><\/p>\n\n\n\n

            \"\"\/<\/figure>\n\n\n\n

            Forget Password<\/strong><\/h2>\n\n\n\n

            Overview<\/strong><\/p>\n\n\n\n

            Forget password helps user to reset their password, if they forget the password of the application<\/p>\n\n\n\n

            Process Flow<\/strong><\/p>\n\n\n\n

            \"\"\/<\/figure>\n\n\n\n

            Business Rules<\/strong><\/p>\n\n\n\n

              \n
            • Registered user only can reset the password<\/li>\n\n\n\n
            • Only Active users can reset the password<\/li>\n\n\n\n
            • Reset link can be sent only to registered email<\/li>\n\n\n\n
            • Outgoing mail server should be enabled to send reset password link<\/li>\n\n\n\n
            • Reset can be done within 24 hours from the receipt of reset link, it will expire after that.<\/li>\n\n\n\n
            • Password can be any number of characters<\/li>\n\n\n\n
            • After reset , system will show successful message to user<\/li>\n<\/ul>\n\n\n\n

              Screenshots<\/strong><\/p>\n\n\n\n

              \"\"\/<\/figure>\n\n\n\n
              \"\"\/<\/figure>\n\n\n\n
              \"\"\/<\/figure>\n\n\n\n

              2Factor Authentication (2FA)<\/strong><\/h2>\n\n\n\n

              Overview<\/strong><\/p>\n\n\n\n

              Odoo\u2019s 2Factor Authentication is a double authentication system which adds extra layer of security to check whether the logged in users are authorized by checking the following steps<\/p>\n\n\n\n

                \n
              • Verified with the Logged In password and ensure its correct<\/li>\n\n\n\n
              • Verified with the Authentication code generated from dedicated mobile app (Mobile number to be registered while enabling 2FA)<\/li>\n<\/ul>\n\n\n\n

                Process Flow<\/strong><\/p>\n\n\n\n

                \"\"\/<\/figure>\n\n\n\n

                Business Rules<\/strong><\/p>\n\n\n\n

                  \n
                • Two Factor Authentication can be configured by each user<\/li>\n\n\n\n
                • Enabling Two Factor Authentication requires their login password confirmation<\/li>\n\n\n\n
                • Authenticator App should be installed in user\u2019s mobile and using which the QR code shown in odoo should be scanned to add account<\/li>\n\n\n\n
                • Verification code generated in Authenticator app should be entered in odoo to validate and enable Two Factor Authentication<\/li>\n\n\n\n
                • System will validate the Verification code and enable the Two Factor authentication<\/li>\n\n\n\n
                • After enabling this, user must enter the verification code generated in Authenticator app into odoo while they login to validate the right user login<\/li>\n<\/ul>\n\n\n\n

                  Screenshots<\/strong><\/p>\n\n\n\n

                  Activate 2FA<\/strong><\/p>\n\n\n\n

                  \"\"\/<\/figure>\n\n\n\n

                  User Password confirmation<\/strong><\/p>\n\n\n\n

                  \"\"\/<\/figure>\n\n\n\n

                  Verification code Confirmation (Received from Microsoft Authenticator App)<\/strong><\/p>\n\n\n\n

                  \"\"\/<\/figure>\n\n\n\n
                  \"\"\/<\/figure>\n\n\n\n
                  \"\"\/<\/figure>\n\n\n\n
                  \"\"\/<\/figure>\n\n\n\n

                  Geo Location wise Login Control<\/strong><\/h2>\n\n\n\n

                  Overview<\/strong><\/p>\n\n\n\n

                  Geo Location Login control helps the system to control user\u2019s login from their right geographical location. System won\u2019t allow user to login when they try to login odoo from unauthorized geo locations<\/p>\n\n\n\n

                  Process Flow<\/strong><\/p>\n\n\n\n

                  \"\"\/<\/figure>\n\n\n\n

                  \u200b<\/p>\n\n\n\n

                  Business Rules<\/strong><\/p>\n\n\n\n

                    \n
                  • Login with Geo Location option should be enabled to each user to control their login<\/li>\n\n\n\n
                  • If Geo Location verification is not enabled, it will be skipped and allow user to login directly<\/li>\n\n\n\n
                  • One user may have enabled with multiple Geo Locations<\/li>\n\n\n\n
                  • If Geo locations valid while login, system will allow users to login when credentials matches<\/li>\n\n\n\n
                  • If Geo locations not matches, system will deny users from login even though credentials matches<\/li>\n<\/ul>\n\n\n\n

                    Screenshots<\/strong><\/p>\n\n\n\n

                    Configure Geo Locations<\/strong><\/p>\n\n\n\n

                    \"\"\/<\/figure>\n\n\n\n

                    Login Allowed from the configured Location<\/strong><\/p>\n\n\n\n

                    \"\"\/<\/figure>\n\n\n\n

                    IP Address wise Login Control<\/strong><\/h2>\n\n\n\n

                    Overview<\/strong><\/p>\n\n\n\n

                    IP Address Login control helps the system to control user\u2019s login from allowed IP Addresses. System won\u2019t allow user to login when they try to login Odoo from any unauthorized IP Addresses<\/p>\n\n\n\n

                    Process Flow<\/strong><\/p>\n\n\n\n

                    \"\"\/<\/figure>\n\n\n\n

                    Business Rules<\/strong><\/p>\n\n\n\n

                      \n
                    • Login with IP Address option should be enabled to each user to control their login<\/li>\n\n\n\n
                    • If IP Address verification is not enabled, it will be skipped and allow user to login directly<\/li>\n\n\n\n
                    • One user may have enabled with multiple IP Addresses<\/li>\n\n\n\n
                    • If IP Address valid while login, system will allow users to login when credentials matches<\/li>\n\n\n\n
                    • If IP address not matches, system will deny users from login even though credential matches<\/li>\n<\/ul>\n\n\n\n

                      Screenshots<\/strong><\/p>\n\n\n\n

                      \"\"\/<\/figure>\n","protected":false},"excerpt":{"rendered":"

                      Overview Odoo Users and Security features allow business to manage multiple users with different roles, access levels, and permissions. Whether […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[344,9],"tags":[],"class_list":["post-26418","post","type-post","status-publish","format-standard","hentry","category-odoo-product","category-product"],"acf":[],"_links":{"self":[{"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/posts\/26418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/comments?post=26418"}],"version-history":[{"count":0,"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/posts\/26418\/revisions"}],"wp:attachment":[{"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/media?parent=26418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/categories?post=26418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tenthplanet.in\/odoo\/wp-json\/wp\/v2\/tags?post=26418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}