Odoo AccessError: 'Operation not allowed' — Causes & Fixes

What AccessError Means

Odoo raises AccessError when a user tries to perform an operation they do not have permission for. This is Odoo's access control system working correctly — the question is whether the permission is misconfigured or the user genuinely should not have access.

Cause 1: Missing ir.model.access.csv Entry

When: Custom model has no access rule file.

Symptom: AccessError: You are not allowed to access 'My Custom Model'

Fix:

# security/ir.model.access.csv
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_my_model_user,my.model.user,model_my_model,base.group_user,1,0,0,0
access_my_model_manager,my.model.manager,model_my_model,base.group_system,1,1,1,1

Make sure the CSV is listed in __manifest__.py under 'data'.

Cause 2: Record Rule Blocking Access

When: User can see the menu but cannot access specific records.

Symptom: AccessError: The requested operation cannot be completed due to security restrictions

Diagnosis:

# Check record rules for the model
SELECT name, domain_force, groups 
FROM ir_rule 
WHERE model_id = (SELECT id FROM ir_model WHERE model = 'my.model');

Common causes:

• Multi-company record rule: [('company_id', 'in', company_ids)] — user's company does not match
• Custom record rule with restrictive domain
• Team-based rule: user is not a member of the assigned team

Fix: Either add the user to the correct group/company/team, or adjust the record rule domain.

Cause 3: sudo() Used Incorrectly

When: Code works for admin but fails for regular users.

Symptom: Error only for non-admin users.

Fix: If the operation legitimately needs elevated permissions:

# Use sudo() for the specific operation that needs it
def _create_sequence(self):
    # Regular user cannot create ir.sequence directly
    return self.env['ir.sequence'].sudo().create({...})

Warning: Do NOT use sudo() to fix every access error. Understand why the access was denied first.

Cause 4: Wrong Security Group Assignment

When: User has the menu but not the right to perform the operation.

Diagnosis:

# Check user's groups
user.groups_id.mapped('full_name')

# Check what group the operation requires
# Look at ir.model.access.csv for the model

Fix: Assign the correct security group to the user in Settings → Users.

Cause 5: Computed Field Accessing Restricted Model

When: A computed field on Model A tries to read Model B, but the user lacks access to Model B.

Symptom: AccessError when loading a form or list view — not during an explicit operation.

Fix:

# Use sudo() in the compute method for the restricted read
@api.depends('partner_id')
def _compute_credit_info(self):
    for record in self:
        # Partner credit data might be restricted
        partner = record.partner_id.sudo()
        record.credit_limit = partner.credit_limit

Debugging Steps

1. Check the Odoo log for the exact error message and model name
2. Verify the user's security groups in Settings → Users
3. Check ir.model.access.csv for the model — does the user's group have the right permission?
4. Check ir.rule for the model — is a record rule filtering the record?
5. If custom module, verify the security file is in __manifest__.py

DeployMonkey AI Diagnostics

DeployMonkey's AI agent can diagnose AccessError issues instantly. Paste the error message, and it identifies the model, checks the user's groups, reviews access rules, and provides the specific fix.