DEV Community

midlaj cybrosys

Managing Users and Access Rights in Odoo (for New Admins)

When you first set up Odoo for your company, one of the most important responsibilities as an administrator is controlling who has access to what. Proper Odoo user management ensures your data stays secure, employees work efficiently, and external users such as customers or vendors can interact with the system without exposing sensitive information. Odoo provides a flexible but structured way to manage users, access rights, and data visibility through built-in tools. This article explains how these tools work and gives practical steps to help new admins manage access confidently.
Understanding User Types in Odoo
Odoo classifies users into three main types:
Internal users: These are your employees or team members who log into the backend to use Odoo applications such as Sales, Inventory, Accounting, or Projects. Each internal user consumes a license.

Portal users: These are external users, usually customers or vendors, who can log into their own portal to view their own quotations, invoices, tickets, or project tasks. They can’t access your backend but get self-service visibility.

Public user: This is the default shared user profile that anonymous visitors use when browsing your website or eCommerce pages. It’s not managed like a regular user.

This separation ensures that each type of user gets the right level of access depending on their role. For instance, an accountant should be able to post journal entries, but a customer should only see their invoices.
Access Rights and Security Groups
Odoo’s security is role-based. Instead of assigning permissions one by one, you add users to security groups that represent roles inside each application. For example, in Sales you may have “Sales User (own documents only)” or “Sales Manager (all documents)” and an Administrator. The groups automatically grant rights to menus, features, and operations.
Access rights in Odoo operate at different levels:
Access Control Lists (ACLs): These decide whether a group of users can create, read, write, or delete a specific model (e.g., invoices, products, tasks). If the ACL doesn’t allow it, the action is blocked.

Record Rules: These further refine visibility at the record level. For example, sales users might only see orders they created, while managers can see all sales orders (in some cases, users need approval from the admin to proceed).

An important principle is that rights are additive. If a user belongs to multiple groups, the system adds up their permissions. That’s why careful group assignment is critical; adding unnecessary groups can accidentally open up more access than intended.
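To see why one extra group matters, here is a simplified Python model of the evaluation described above. It is an added example, not Odoo's own code: the group keys, rules and orders are constructed. It goes one step beyond the text by also modelling how Odoo combines record rules: global rules must all pass, while the rules of a user's groups are OR-ed together.

```python
from collections import namedtuple

User = namedtuple("User", "id groups company_ids")
Rule = namedtuple("Rule", "model group allows")  # group=None means a global rule

# ACLs: (group, model) -> operations granted (constructed group keys).
ACLS = {
    ("sales_user_own", "sale.order"): {"read", "write", "create"},
    ("sales_manager", "sale.order"): {"read", "write", "create", "unlink"},
}

# Record rules; each lambda stands in for the rule's domain filter.
RULES = [
    Rule("sale.order", None, lambda u, r: r["company_id"] in u.company_ids),
    Rule("sale.order", "sales_user_own", lambda u, r: r["user_id"] == u.id),
    Rule("sale.order", "sales_manager", lambda u, r: True),
]

def acl_allows(user, model, op):
    """ACLs are additive: one granting group is enough."""
    return any(op in ACLS.get((g, model), ()) for g in user.groups)

def rule_allows(user, model, record):
    """Global rules must all pass; group rules pass if any of the user's does."""
    rules = [r for r in RULES if r.model == model]
    if not all(r.allows(user, record) for r in rules if r.group is None):
        return False
    mine = [r for r in rules if r.group in user.groups]
    return not mine or any(r.allows(user, record) for r in mine)

def visible(user, model, op, records):
    """Names of the records the user may perform `op` on."""
    if not acl_allows(user, model, op):
        return []
    return [r["name"] for r in records if rule_allows(user, model, r)]

# Constructed sample data.
ORDERS = [
    {"name": "S001", "user_id": 7, "company_id": 1},
    {"name": "S002", "user_id": 8, "company_id": 1},
    {"name": "S003", "user_id": 8, "company_id": 2},
]
rep = User(7, {"sales_user_own"}, {1})
rep_plus = User(7, {"sales_user_own", "sales_manager"}, {1})  # one extra group
outsider = User(9, set(), {1})  # no Sales group at all
```

With only the own-documents group the rep reads S001; adding the manager group exposes S002 and grants delete, while the global company rule still hides S003.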
Adding and Managing Users
As a new admin, you’ll spend time creating users and adjusting their roles. Here’s the step-by-step process:
Navigate to Settings → Users & Companies → Users. Click New to add a new user.

Fill in basic details such as the user’s name, email address, and select whether they are an internal or portal user.

Configure access rights. On the “Access Rights” tab, you’ll see a list of applications. For each app installed, assign the right role—such as “User,” “Manager,” or “Administrator.”

Assign companies. In multi-company environments, define which companies the user can access and set their default company.

Save and send access. Odoo automatically sends an invitation email so the user can set their password and log in.
If you need to reset a password, you can do so directly from the user form using the Change Password option.

Working with Portal Users
Portal access is a powerful feature for customer service. Instead of emailing invoices or project updates, you can invite contacts to join the portal. They’ll log in with their email and see only the documents linked to them—such as their own orders, invoices, helpdesk tickets, or timesheets.
To grant portal access, open the contact record, click Action → Grant Portal Access, and send the invitation. This way, your customers and vendors stay informed while you keep your backend safe.

Managing Multi-Company Access
Many businesses operate multiple companies within a single Odoo database. Odoo lets you decide which companies a user can access. For example, an accountant working in the US subsidiary should not have access to the India subsidiary unless required.
On the user’s Access Rights tab, you can select Allowed Companies and set the Default Company. Record rules then ensure users only see the records belonging to their allowed companies. This separation keeps financials and operations tidy across entities.

Security Guidelines for Admins
New administrators should follow a few key practices to keep the system secure:
Grant the least privilege necessary. Always start with the lowest role that allows the user to do their job, and increase only if needed.

Enable Two-Factor Authentication (2FA). This adds an extra code from an authenticator app on top of the password, greatly improving security.

Use Single Sign-On (SSO) if possible. Odoo integrates with Google and Microsoft accounts, allowing central login management.

Consider LDAP integration. Larger organizations can connect Odoo with Active Directory or LDAP so user access is managed centrally.

Review access regularly. People change roles over time—schedule periodic audits to make sure permissions are still appropriate.
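A periodic review can be as simple as comparing each user against a documented baseline for their role. The following Python sketch is an added example, not part of Odoo: the baseline, the user export and its keys are constructed, and you would replace them with data exported from your own database.

```python
# Approved baseline per job role (constructed; build yours from documented roles).
BASELINE = {
    "sales_rep": {"groups": {"Sales User (own documents only)"}, "companies": {"US"}},
    "accountant": {"groups": {"Accountant"}, "companies": {"US"}},
}

# Constructed export of internal users; the keys are hypothetical, not Odoo field names.
USERS = [
    {"login": "ana@example.com", "role": "sales_rep", "two_factor": True,
     "groups": {"Sales User (own documents only)"}, "companies": {"US"}},
    {"login": "raj@example.com", "role": "sales_rep", "two_factor": False,
     "groups": {"Sales User (own documents only)", "Sales Manager (all documents)"},
     "companies": {"US"}},
    {"login": "lee@example.com", "role": "accountant", "two_factor": True,
     "groups": {"Accountant"}, "companies": {"US", "India"}},
    {"login": "kim@example.com", "role": "warehouse", "two_factor": True,
     "groups": {"Inventory User"}, "companies": {"US"}},
]

def audit(users, baseline):
    """Return {login: [findings]} for every user that deviates from the baseline."""
    report = {}
    for u in users:
        findings = []
        approved = baseline.get(u["role"])
        if approved is None:
            # Undocumented roles cannot be checked, so surface them for review.
            findings.append(f"no documented baseline for role '{u['role']}'")
        else:
            extra_groups = sorted(u["groups"] - approved["groups"])
            extra_companies = sorted(u["companies"] - approved["companies"])
            if extra_groups:
                findings.append("extra groups: " + ", ".join(extra_groups))
            if extra_companies:
                findings.append("extra companies: " + ", ".join(extra_companies))
        if not u["two_factor"]:
            findings.append("2FA not enabled")
        if findings:
            report[u["login"]] = findings
    return report
```

Because rights are additive, the check only looks for groups and companies beyond the baseline; anything extra is a candidate for removal.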

Examples of how Odoo user management works
Here are some examples of how Odoo user management works in practice:
Sales reps should only see their own quotations. Assign them the “Sales User (own documents only)” group. Odoo’s record rules will ensure they only view records tied to them, and they can’t change the configurations of the Sales module.

A manager needs wider access. Sales Managers can view and approve all orders, while still having limited rights in other apps like Accounting.

Multi-company setup. A finance manager in one company may have full Accounting access there but only read-only rights in another company.

Customer self-service. Portal users can log in and download their invoices, which reduces manual requests and improves customer satisfaction.

These scenarios show how flexible Odoo can be when you configure users and groups thoughtfully.
Managing users and access rights in Odoo is all about balance—providing employees with enough access to be productive while protecting sensitive data. By understanding user types, assigning the right groups, applying record rules, and following best practices like 2FA and access reviews, you can build a secure and efficient environment.
For new admins, the key takeaway is to start small, test often, and document your roles. With a clear strategy and Odoo’s built-in tools, user management becomes straightforward and reliable, setting your business up for safe and scalable growth.
For more, visit: www.cybrosys.com
