UAC Security

What should Users of the Odoo ERP do in ensuring that the system is secure?

While you are taking the time to upload that upbeat song you heard on the radio, a cyber-attack just occurred. Fun fact: there is a hacker attack every 39 seconds! I believe this is a quite good reason to ensure that your Odoo ERP system is secure, guessing that the information kept is highly sensitive.

Check if your company is already taking the following measures.

Two points of view must be considered:

  • Secure practices for ERP-Administrators

  • Secure practices for end-users

Following guidelines apply for ERP-Administrators:

Ensure user’s access in the system is limited

Users should be given restricted access to specific Odoo modules, limited to their role in the company. The system’s usability should be restricted to the areas needed to fulfill their daily tasks and not more.

Password rotation

Be certain that the passwords are secure and renewed. This reduces the risk of being attacked, but also minimizes the exposure to attackers. Our advice is to rotate passwords 2 times a year.

Constraint the setup of the password with security recommendations

Ensure that your passwords are constructed out of min 12 characters. Implement numbers and symbols, combining them with upper and lower case letters.

Port numbers

When a hacker is using brute force to enter your system, how to enhance security better than using non-standard port numbers? You are going to make his life 65535 times more difficult by avoiding the default port number. For additional information check out Perimeter Security.

MFA or multi-factor authentication

Train your system some Sherlock Holmes moves so that it searches for evidence once you log in. MFA is a security measure that verifies the user’s identity by requiring additional credentials, such as a code from the user’s smartphone, the answer to a security question. Fingerprint and facial recognition are not in the picture, but it may be a great feature to implement into Odoo in the future. Odoo’s app store has a couple of MFA modules to offer. We are happy to make further recommendations if your company is interested in using MFA.

The second point of view is the Odoo users. What should they do?


Store their passwords in a secure location

Use strong password

In a nutshell not much, Odoo users have only one job and it is to keep their passwords safe and strong!


Perimeter Security for Odoo