Group backend

base_group_backend
REPOSITORY
REPOSITORYOCA/server-backend
GIT
GIThttps://github.com/OCA/server-backend.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-backend/tree/18.0/base_group_backend
VERSION
VERSION 1.1.0
CATEGORY
CATEGORYTools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), Pierre Verkest
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), Pierre Verkest
COMMITTERS
COMMITTERSFlorian da Costa, OCA-git-bot, oca-ci
WEBSITE
WEBSITEhttps://github.com/OCA/server-backend
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:30:19
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base
    - mail
    - base_setup
    - web
    - bus
    - web_tour
    - html_editor
    - calendar
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
This module adds two "Backend User" groups (`group_backend` and
`group_backend_ui_users`) with restricted access to odoo backend only
(`/web`), with less and more controlled access than the native "Internal
User" group.

> The problem with the "Internal User" group (`base.group_user`) is that
> it can be used by any new module added to your project, so you don't
> control clearly this group's accesses.

The UI access is provided only for `group_backend_ui_users` :

- minimal default access rules to access the user's own data:  
  - users and partners
  - mail activity, notification and channel
  - presence

- minimal default menu to restrict the available ones:  
  - notification
  - activities

Here is an example where a user from `group_backend_ui_users` can only
access and use the Dummy App. No other application is available to this
user (you may define your own application instead of the Dummy one).

![dummy_app](../static/description/dummy_app.png)

We suggest to use this module with its companion `base_user_role`.

## Limitations

At the time of writing, Odoo uses `user.share == False` and
`user.has_group("base.group_user") == True` to give the backend access
to `user`.

So technically, the module does 2 things :

- It sets the `share` parameter to `False` for `group_backend` users.
- It hijacks the `has_group` method of res.users by returning `True` for
  `group_backend` users when the requested group is `base.group_user`

This avoids to write a lot of overwrite in different controllers from
different modules ('portal', 'web', 'base', 'website') with hard coded
statements that check if user is part of the `base.group_user` or
`share == False` group.

Code Analysis

Views touched (1)
XML IDNameModelTypeStatus
backend_dummy_model_tree_view Backend dummy list view backend.dummy.model list New
Models touched (3)

New fields (4)
  • date_start Datetime
    default=fields.Datetime.now name='Date start' required=True
  • date_stop Datetime
    default=fields.Datetime.now name='Date stop' required=True
  • my_other_value Char
    name='Other value' required=True
  • my_value Char
    name='Value' required=True
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • get_user_roots(self)
    @api.model@api.returns('self')
    Avoid to display root menus with no defined groups_id to Backend UI Users like 'spreadsheet_dashboard.spreadsheet_dashboard_menu_root' or 'base.menu_management'.

New fields (0)

No new fields.

Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-backend
GIT
GIThttps://github.com/OCA/server-backend.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-backend/tree/16.0/base_group_backend
VERSION
VERSION 1.2.0
CATEGORY
CATEGORYTools
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), Pierre Verkest
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), Pierre Verkest
COMMITTERS
COMMITTERSFlorian da Costa, David Beal, Weblate, OCA-git-bot, oca-ci, Clément Mombereau
WEBSITE
WEBSITEhttps://github.com/OCA/server-backend
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:54:00
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base
    - mail
    - base_setup
    - web
    - bus
    - web_tour
    - calendar
    - web_editor
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (2)
XML IDNameModelTypeStatus
backend_dummy_model_tree_view Backend dummy tree view backend.dummy.model tree New
web_editor.assets_edit_html_field New
Models touched (3)

New fields (4)
  • date_start Datetime
    default=fields.Datetime.now name='Date start' required=True
  • date_stop Datetime
    default=fields.Datetime.now name='Date stop' required=True
  • my_other_value Char
    name='Other value' required=True
  • my_value Char
    name='Value' required=True
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (1)
  • get_user_roots(self)
    @api.model@api.returns('self')
    Avoid to display root menus with no defined groups_id to Backend UI Users like 'spreadsheet_dashboard.spreadsheet_dashboard_menu_root' or 'base.menu_management'.

New fields (0)

No new fields.

Public methods (1)
  • has_group(self, group_ext_id)
    @api.model
    While ensuring a user is part of `base.group_user` this code will try if user is in the `base_group_backend.group_backend` group to let access to the odoo backend. This code avoid to overwrite a lot of places in controllers from different modules ('portal', 'web', 'base') with hardcoded statement that check if user is part of `base.group_user` group. As far `base.group_user` have a lot of default permission this makes hard to maintain proper access right according your business.
STATUS
STATUSOpen migration PR - not merged yet for this version
REPOSITORY
REPOSITORYOCA/server-backend
PULL REQUEST
PULL REQUEST[15.0][MIG] base_group_backend: Migration to 15.0 (#359)