Mail.channel: access only public and joined groups [ '|', '&', ('channel_type', '!=', 'channel'), ('is_member', '=', True), '&', ('channel_type', '=', 'channel'), '|', ('group_public_id', '=', False), ('group_public_id', 'in', [g.id for g in user.groups_id])] Mail.channel: admin full access [(1, '=', 1)] mail.channel.member: write its own entries [ '|', '&', ('channel_id.channel_type', '!=', 'channel'), ('channel_id.is_member', '=', True), '&', ('channel_id.channel_type', '=', 'channel'), '|', ('channel_id.group_public_id', '=', False), ('channel_id.group_public_id', 'in', [g.id for g in user.groups_id])] mail.channel.member: admin can manipulate all entries [(1, '=', 1)] mail.notifications: group_user: write its own entries [('res_partner_id', '=', user.partner_id.id)] mail.message.subtype: portal/public: read public subtypes [('internal', '=', False)] mail.activity: user: write/unlink only (created or assigned) ['|', ('user_id', '=', user.id), ('create_uid', '=', user.id)] Mail Compose Message Rule [('create_uid', '=', user.id)] Employees can only change their own templates [('create_uid', '=', user.id)] Mail Template Editors - Edit All Templates [(1, '=', 1)] Administrators can access all User Settings. [(1, '=', 1)] res.users.settings: access their own entries [('user_id', '=', user.id)] res.users.settings.volumes: access their own entries [('user_setting_id.user_id', '=', user.id)] Administrators can access all User Settings volumes. [(1, '=', 1)]