In the Biotech sector, process rigor is not just a business requirement—it is a regulatory obligation. With this in mind, we recently strengthened Smart Biotech, a solution built on Odoo, to better address the specific role-segregation needs of users.
Problematic Permission Inheritance in Odoo
By default, Odoo applies a hierarchy between user groups. This means, for example, that an inventory user automatically becomes a quality module user as well. Likewise, a production operator is by default a quality user.
In the context of a Biotech company, this generic approach quickly becomes an obstacle. Access to quality-control modules must be reserved for specifically authorized personnel. Yet, in standard Odoo, it is difficult to prevent a production or logistics user from accessing quality data without disrupting business processes.
Unexpected Roadblocks
One might think it is enough to modify the access-group structure. This is indeed feasible, but it leads to significant functional blockages.
Let’s take two concrete examples:
1. Validating a receipt with quality control
If a quality-control checkpoint is defined on a receipt, then upon validation, Odoo attempts to create a QC record. Without sufficient rights to the quality module, the inventory user is blocked: they can no longer receive the goods.
2. Viewing a lot
Another common case: a quality user tries to view a lot record. Yet they receive an access error—why? Because the lot form contains computed fields (e.g., number of related purchase orders). These fields trigger access to other modules such as inventory or purchasing. If the quality user lacks those rights, the display fails.
Our Response: Segregate Without Blocking
To resolve these issues, we made targeted adaptations to Odoo’s standard behavior:
- We revised the field-calculation logic so that essential information (such as the number of purchase orders linked to a lot) remains visible without granting access to the linked objects (in this case, the orders themselves).
- We adjusted the processes so that critical actions (such as receiving goods or generating a QC) can occur without requiring unjustified cross-module permissions.
Thus, a quality user can view the data they need without accessing the logistics or purchasing modules. Similarly, a logistics operator can receive goods even if a QC checkpoint is triggered, without accessing the quality module.
Segregation That Respects Biotech Realities
Thanks to these adjustments, Smart Biotech enables strict role separation, compliant with regulatory requirements, while ensuring smooth business processes—an essential approach in environments where each role has a well-defined scope and any access-management gap can pose a compliance risk.
Do you think this solution could apply to your organization?
Curious to know more? Discover our biotechs and medtechs solution
Advanced Role Segregation in Odoo for Biotechs