{"id":"449a84c8-35eb-4022-b488-9d49bb2d2fda","shortId":"zqDtxa","kind":"skill","title":"odoo-security-rules","tagline":"Expert in Odoo access control: ir.model.access.csv, record rules (ir.rule), groups, and multi-company security patterns.","description":"# Odoo Security Rules\n\n## Overview\n\nSecurity in Odoo is managed at two levels: **model-level access** (who can read/write which models) and **record-level rules** (which records a user can see). This skill helps you write correct `ir.model.access.csv` entries and `ir.rule` domain-based record rules.\n\n## When to Use This Skill\n\n- Setting up access rights for a new custom module.\n- Restricting records so users only see their own data or their company's data.\n- Debugging \"Access Denied\" or \"You are not allowed to access\" errors.\n- Implementing multi-company record visibility rules.\n\n## How It Works\n\n1. **Activate**: Mention `@odoo-security-rules` and describe the access scenario.\n2. **Generate**: Get correct CSV access lines and XML record rules.\n3. **Debug**: Paste an access error and get a diagnosis with the fix.\n\n## Examples\n\n### Example 1: ir.model.access.csv\n\n```csv\nid,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink\naccess_hospital_patient_user,hospital.patient.user,model_hospital_patient,base.group_user,1,0,0,0\naccess_hospital_patient_manager,hospital.patient.manager,model_hospital_patient,base.group_erp_manager,1,1,1,1\n```\n\n> **Note:** Use `base.group_erp_manager` for ERP managers, not `base.group_system` — that group is reserved for Odoo's technical superusers. 
Always create a custom group for module-specific manager roles:\n>\n> ```xml\n> <record id=\"group_hospital_manager\" model=\"res.groups\">\n>     <field name=\"name\">Hospital Manager</field>\n>     <field name=\"category_id\" ref=\"base.module_category_hidden\"/>\n> </record>\n> ```\n\n### Example 2: Record Rule — Users See Only Their Own Records\n\n```xml\n<record id=\"rule_hospital_patient_own\" model=\"ir.rule\">\n    <field name=\"name\">Hospital Patient: Own Records Only</field>\n    <field name=\"model_id\" ref=\"model_hospital_patient\"/>\n    <field name=\"domain_force\">[('create_uid', '=', user.id)]</field>\n    <field name=\"groups\" eval=\"[(4, ref('base.group_user'))]\"/>\n    <field name=\"perm_read\" eval=\"True\"/>\n    <field name=\"perm_write\" eval=\"True\"/>\n    <field name=\"perm_create\" eval=\"True\"/>\n    <field name=\"perm_unlink\" eval=\"False\"/>\n</record>\n```\n\n> **Important:** If you omit `<field name=\"groups\">`, the rule becomes **global** and applies to ALL users, including admins. 
Always assign a group unless you explicitly intend a global restriction.\n\n### Example 3: Multi-Company Record Rule\n\n```xml\n<record id=\"rule_hospital_patient_company\" model=\"ir.rule\">\n    <field name=\"name\">Hospital Patient: Multi-Company</field>\n    <field name=\"model_id\" ref=\"model_hospital_patient\"/>\n    <field name=\"domain_force\">\n        ['|', ('company_id', '=', False),\n               ('company_id', 'in', company_ids)]\n    </field>\n    <field name=\"groups\" eval=\"[(4, ref('base.group_user'))]\"/>\n</record>\n```\n\n## Best Practices\n\n- ✅ **Do:** Start with the most restrictive access and open up as needed.\n- ✅ **Do:** Use `company_ids` (plural) in multi-company rules — it includes all companies the user belongs to.\n- ✅ **Do:** Test rules using a non-admin user in debug mode — `sudo()` bypasses all record rules entirely.\n- ✅ **Do:** Create dedicated security groups per module rather than reusing core Odoo groups.\n- ❌ **Don't:** Give `perm_unlink = 1` to regular users unless deletion is explicitly required by the business process.\n- ❌ **Don't:** Leave `group_id` blank in `ir.model.access.csv` unless you intend to grant public (unauthenticated) access.\n- ❌ **Don't:** Use `base.group_system` for module managers — that grants full technical access including server configurations.\n\n## Limitations\n\n- Does not cover **field-level access control** (`ir.model.fields` read/write restrictions) — those require custom OWL or Python overrides.\n- **Portal and public user** access rules have additional nuances not fully covered here; test carefully with `base.group_portal`.\n- Record rules are **bypassed by `sudo()`** — any code running in superuser context ignores all `ir.rule` entries.\n- Does not cover **row-level security via PostgreSQL** (RLS) — Odoo manages all security at the ORM 
layer.","tags":["odoo","security","rules","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-odoo-security-rules","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/odoo-security-rules","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34666 github stars · SKILL.md body (4,086 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T06:51:41.948Z","embedding":null,"createdAt":"2026-04-18T21:41:54.621Z","updatedAt":"2026-04-23T06:51:41.948Z","lastSeenAt":"2026-04-23T06:51:41.948Z","prices":[{"id":"b36635ab-e0a8-4491-a931-44a58e408f39","listingId":"449a84c8-35eb-4022-b488-9d49bb2d2fda","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:41:54.621Z"}],"sources":[{"listingId":"449a84c8-35eb-4022-b488-9d49bb2d2fda","source":"github","sourceId":"sickn33/antigravity-awesome-skills/odoo-security-rules","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/odoo-security-rules","isPrimary":false,"firstSeenAt":"2026-04-18T21:41:54.621Z","lastSeenAt":"2026-04-23T06:51:41.948Z"}],"details":{"listingId":"449a84c8-35eb-4022-b488-9d49bb2d2fda","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"odoo-security-rules","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34666,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","
gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-23T06:41:03Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"c14d0a1bd94af2c87379a58dc61ae78e4196bf22","skill_md_path":"skills/odoo-security-rules/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/odoo-security-rules"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"odoo-security-rules","description":"Expert in Odoo access control: ir.model.access.csv, record rules (ir.rule), groups, and multi-company security patterns."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/odoo-security-rules"},"updatedAt":"2026-04-23T06:51:41.948Z"}}