The Direct Answer
If you navigate to /web/database/manager and see "Access Denied" or the page is blank, the database manager has been disabled via list_db = False in odoo.conf. This is intentional security hardening — the database manager exposes the ability to create, duplicate, drop, and restore databases to anyone who can reach your server.
Why It Gets Disabled
The Odoo security guide and most deployment checklists recommend setting list_db = False in production because:
- The manager was historically accessible without authentication.
- A master password brute-force could expose all databases.
- In a single-database deployment, there is no reason to expose it.
Many managed hosting providers (including automated Docker setups) set this flag by default.
How to Re-Enable It Temporarily
Find and edit your odoo.conf:
# /etc/odoo/odoo.conf (or wherever yours lives)
[options]
list_db = True
Then restart Odoo:
sudo systemctl restart odoo
# or Docker:
docker compose restart odoo
Navigate to https://yourdomain.com/web/database/manager. You will be prompted for the master password (set via admin_passwd in odoo.conf).
Setting a Strong Master Password
# Generate a strong password
python3 -c "import secrets; print(secrets.token_urlsafe(32))"
# Add to odoo.conf
admin_passwd = your_generated_password_here
The master password gates all database manager operations. Without it, even with list_db = True, no destructive action is possible.
When to Leave It Disabled
In production, single-database deployments should keep list_db = False. Use command-line tools for database operations instead:
# Backup
pg_dump -U odoo -Fc mydb > mydb_$(date +%Y%m%d).dump
# Restore
pg_restore -U odoo -d newdb mydb_20260101.dump
# Duplicate (for staging)
createdb -U odoo -T mydb staging_mydb
Also block the path at the nginx level for belt-and-suspenders protection:
location /web/database {
deny all;
return 403;
}
Enabling Only for a Specific IP
location /web/database {
allow 203.0.113.10; # your office IP
deny all;
proxy_pass http://127.0.0.1:8069;
# ... standard proxy headers
}
This is the best of both worlds: the manager is accessible from your IP but blocked everywhere else.
Accessing Databases Without the Manager
If the manager is disabled and you need to do database work, use psql or the Odoo CLI directly:
# List databases
psql -U odoo -c "\l"
# Neutralise the Odoo URL to switch databases in the URL bar
# Odoo uses ?db=dbname in some versions — or /web?db=dbname
How DeployMonkey Handles This
DeployMonkey keeps list_db = False in all production instances by default. Database backup, restore, and duplication (for staging) are handled through the DeployMonkey control panel — no database manager exposure needed. Your master password is randomly generated per instance and stored encrypted.
See Backup Odoo Database for the backup workflow. Start free at deploymonkey.app.
Frequently Asked Questions
I forgot my master password — how do I reset it?
Edit odoo.conf, set admin_passwd to a new value, and restart Odoo. The master password is stored in plain text in the config file (not in the database), so there is no hash to crack.
Can I disable the manager for some paths but not others?
Yes — use nginx location blocks with IP allowlisting as shown above. This is more flexible than the list_db flag, which is all-or-nothing.
Does list_db = False affect login?
In a single-database setup, the database selector disappears from the login page. Users go directly to the login form for the single configured database. This is normal and correct.
Why is the database manager blank instead of showing an error?
Some nginx configurations intercept the 403 and return a generic page. Check nginx error logs and the Odoo log simultaneously to see what is actually happening.