Record Rule Runtime Risk
A finding from the Migration Audit that flags ir.rule records, whose access control behavior should be retested on the target Odoo version.
What This Finding Means
The module defines ir.rule records that constrain which records a user can read or write. These rules depend on the model schema and ORM behavior, both of which can change between versions.
Why It Matters
A record rule that loads without error can still grant or deny access incorrectly after migration. A field used in the domain may have moved, the meaning of a related field may differ, or evaluation context variables may resolve differently, all of which affect security outcomes.
Example
<record id="sale_order_personal_rule" model="ir.rule">
<field name="name">Personal Orders Only</field>
<field name="model_id" ref="model_sale_order"/>
<field name="domain_force">[('user_id','=',user.id)]</field>
</record>Target Version Risk
- Domain field renamed or moved between versions
- Combined with
ir.model.access.csvchanges, effective access may shift - Evaluation context variables resolving differently
Recommended Fix Direction
Review each rule's domain_force against the target model schema and confirm every field it references still exists. Cross-check the rule's groups and the related ir.model.access.csv entries so the combined effect matches the intended access.
How to Verify Manually
On the target version, create test users with different access levels and group memberships. Log in as each and confirm every record rule allows and denies access exactly as expected for reads, writes, and deletes.
Related Odoo Doctor Tool
The Migration Audit lists the record rules in your module so you can pair the scan with manual access control testing on the target version.
Run Migration Audit